Context
Signing in with Single Sign On (SSO) is one of four ways to sign into Demandbase One (SSO, password, Google, or Salesforce). If you set up your users to sign in with SSO, the other methods become unavailable to them. See Log in to Demandbase One for further detail.
Important: Setting up SSO for login is optional.
Prerequisites/Preparation
To connect to the Demandbase Platform, you must:
- Use an SSO system that supports SAML 2.0, such as OKTA.
- Be able to input a Relay State URL (usually only a challenge for homegrown solutions.)
Steps: Setup
- Create a stub application in the SSO provider system.
-
Provide the following information to your Implementation team:
- IdP Issuer URI
- IdP Single Sign-On URL
- IdP Signature Certificate
- Email domain (e.g., @demandbase.com or @an.demandbase.com)
-
The Demandbase team creates a corresponding Identity Provider and Routing Rules, then shares the following information back with you:
- Assertion Consumer Service URL
- Audience URI
- Relay State URL
- Go to the stub application you’ve created in your SSO provider and enter the information provided by Demandbase.
Steps: Testing
- Confirm the setup steps are complete and ask Demandbase to enable the connector, either for a specific individual conducting the testing or for the whole team.
-
Test the connection in two ways:
- Navigate to the Demandbase Platform from your SSO homepage.
- Log out of SSO and navigate to https://web.demandbase.com.
Steps: Deployment
- Communicate to your team that their login experience will change to sign in with SSO, and they cannot use other methods.
-
Create user profiles in Demandbase.
Important: Demandbase does not support Just-In-Time Provisioning. For new users, create the user in Demandbase One first. If you want an exception to your tenant-level rule, for example, a contractor with a different email, contact Support to create an exception. - (Optional) If you’re using a system such as OKTA, you can include a Demandbase image file for the tile.
Troubleshooting
If a user is unable to sign in with SSO, check the following:
- User is signing in from the SSO tile, or from the correct web site: https://web.demandbase.com
- They have a Demandbase user profile.
- If the user, such as a contract worker, does not use your domain, contact Support to make an exception.