SSO is here!
Proposify now offers the ability to use Salesforce, Okta and Azure as Identity Providers by utilizing a managed Connected App.
This feature is available on our business plan: if you are on this plan already, reach out to your Success Manager to have this turned on for your account.
This article will cover:
SSO is only supported on accounts using a subdomain ({my.company}.proposify.com), not the app.proposify.com domain. See the article Branded URL to set up your domain.
Setup Guide
Salesforce
- To start, navigate to your Settings page, and select SSO:
- To configure the SSO settings, select Salesforce from the dropdown menu next to Provider:
- After the settings have been saved, when a user visits a page that requires authentication on your Proposify subdomain, they will be redirected to the Salesforce login page (if they don’t already have an established session):
- The first time a user logs in through Single Sign-On (SSO), they will be prompted to authorize the SSO connected app:
- There is a 2-minute timeout for authorizing and logging in. If the user takes longer than two minutes, they’ll be redirected back to the standard Proposify login page. Simply access the desired page again to authenticate.
  After authorization, the user will be redirected to the Proposify app. By default, a user will be redirected to login.salesforce.com when logging in. However, if an account is already connected to Salesforce, they can skip the login form entirely and be redirected to the instance URL specified by the integration.
- There are optional configurations available in Salesforce for managing OAuth usage, Block and Install:
  Block will render the SSO login to Proposify unusable.
- Install will allow you to manage the SSO Connected App, including:
  - enabling 2FA with "High Assurance Session",
  - tweaking session timeouts,
  - setting start URLs and mobile start URLs to https://{my-company}.proposify.com/,
  - setting the app as visible to show the Proposify login app in the App Launcher,
  - user provisioning: coming soon!
- Once the connected app is installed, you can grant access to it through User Profiles:
That's it! By following these steps, you can easily set up and use the Salesforce SSO integration with Proposify.
Okta
To set up Okta SSO, we will start in Okta.
- As an Okta Administrator, create a new application for Proposify SSO:
  Note the selections: “OIDC - OpenID Connect” for Sign-in method, and “Web Application” for Application type.
- Next, add a few more selections to the General Settings of the New Web App Integration:
- Make sure to use the authorization code flow in Grant type.
  Once you are done creating your application, you will get an OAuth2 Client ID and Client Secret generated (keep those handy!). You can also assign users or groups to the application if you did not already.
- Next, head into Proposify, and in the Settings, select SSO:
- Add an OpenID Connect provider:
- Locate your Okta domain OpenID Connect Configuration, located at https://{myoktasubdomain}.okta.com/.well-known/openid-configuration, and add that into the Auto Discovery URL field:
  - Once you add the URL to the field, you can select Auto Fill. If you don’t, you’ll need to fill in some fields manually in the Advanced Configuration section.
  - Enter an easy-to-recognize name for the Identity Provider Identifier, but note it should be unique in your account.
  - Copy the Client ID from the created Okta application, paste it into the applicable field, and do the same with your Client Secret. Once those are in, select Submit.
- You’ll see the new provider in the list:
- Scroll up to the top of the page to select your new Provider from the list in the dropdown menu, and click Save Settings:
Your Okta SSO has now been successfully set up!
Azure
Here we will cover the setup of SSO with Azure Active Directory, and to begin we will start inside of Azure AD.
We currently don't support SAML SSO with Azure, only OpenID Connect (OIDC).
- As an Azure Active Directory Administrator, create a new App Registration for Proposify SSO:
- Make sure to put in a Web type Redirect URI to https://app.proposify.com/sso/callback
- Take note of the Application (client) ID and Directory (tenant) ID:
- Generate client credentials by clicking Add a certificate or secret:
- Select New client secret:
- Add a name to the Description:
- Take careful note of the Value and the Secret ID (best to copy these to a notepad as they are used later); these will not be visible once you leave this page.
  Note: You can assign your app registration to users or groups to limit who can use SSO.
- Head back into Proposify, and in the Settings, click on the SSO icon:
- Add an OpenID Connect Provider:
- Locate your Azure domain OpenID Connect Configuration, which is located at https://login.microsoftonline.com/{your tenant ID here}/v2.0/.well-known/openid-configuration.
  - You’ll paste that URL into the Auto Discover URL field.
  - Once you add the URL to the field, you can select Auto Fill. If you don’t, you’ll need to fill in some fields manually in the Advanced Configuration section.
  - Enter an easy-to-recognize name for the Identity Provider Identifier, but note it should be unique in your account.
  - Make sure to select Azure/AD instead of Generic in the Identity Provider Style dropdown.
  - Add the Client ID from the created Azure Application (client) ID.
  - Add the Client Secret from the created client credentials Secret Value, then select Submit.
- You’ll now see your new provider in the list:
- Scroll up to the top of the page to select your new provider from the list in the dropdown menu, and click Save Settings.
Finally, log out of Proposify.
After logging out, be sure to visit your Proposify domain that points to your dashboard: {yourDomain}.proposify.com/dashboard
You’ve now successfully set up your Azure SSO.
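Before pasting an Okta or Azure discovery URL into the Auto Discovery field and selecting Auto Fill, an administrator can sanity-check the document it returns. The following is an added example, not Proposify's code: `check_discovery` is a hypothetical helper, and the sample documents and the `example-org` subdomain are constructed.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def check_discovery(discovery_url, document):
    """Return a list of problems; an empty list means the document passed."""
    if not discovery_url.startswith("https://") or not discovery_url.endswith(WELL_KNOWN):
        return ["discovery URL must be https and end in " + WELL_KNOWN]
    problems = []
    # OpenID Connect Discovery: the issuer must equal the discovery URL
    # with the well-known suffix removed.
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    if document.get("issuer") != expected_issuer:
        problems.append(f"issuer {document.get('issuer')!r} != {expected_issuer!r}")
    # Endpoints that carry the authorization code, client secret and signing keys.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = document.get(key) or ""
        if urlsplit(value).scheme != "https":
            problems.append(f"{key} missing or not https: {value!r}")
    # The setup above relies on the authorization code flow.
    if "code" not in document.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    return problems

# Constructed sample data: "example-org" is a placeholder Okta subdomain.
OKTA_URL = "https://example-org.okta.com" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://example-org.okta.com",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
}
# Same document with a foreign issuer and a plaintext token endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://other-org.okta.com",
               token_endpoint="http://example-org.okta.com/oauth2/v1/token")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(OKTA_URL, doc) or "ok")
```

The same function applies to the Azure URL: the issuer in the returned document should be the discovery URL for your tenant ID without the `/.well-known/openid-configuration` suffix.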
Troubleshooting
- If there are users who will not utilize the SSO login, they can log in normally using app.proposify.com, which will bypass the SSO login.
- Take a look at your URL: if you see {yourDomain}.proposify.com/login, remove login.
- These three features are coming soon, and aren't currently functional.
- Add your third party web address to the trusted sites in Salesforce.
- Make sure emails match on both sides (inside Proposify, and Salesforce).
- Make sure the account ID for the email address you are using to log in matches the account ID for the SSO provider configuration.