Set Up Single Sign On (SSO)

  • Updated

Context

Signing in with Single Sign On (SSO) is one of four ways to sign into Demandbase One (SSO, password, Google, or Salesforce). If you set up your users to sign in with SSO, the other methods become unavailable to them. See Log in to Demandbase One for further detail.

Important: Setting up SSO for login is optional.

Prerequisites/Preparation

To connect to the Demandbase Platform, you must:

  • Use an SSO system that supports SAML 2.0, such as OKTA. 
  • Be able to input a Relay State URL (usually only a challenge for homegrown solutions.)

Steps: Setup

  1. Create a stub application in the SSO provider system.
  2. Provide the following information to your Implementation team:
    • IdP Issuer URI
    • IdP Single Sign-On URL
    • IdP Signature Certificate
    • Email domain (e.g., @demandbase.com or @an.demandbase.com)
  3. The Demandbase team creates a corresponding Identity Provider and Routing Rules, then shares the following information back with you:
    • Assertion Consumer Service URL
    • Audience URI
    • Relay State URL
  4. Go to the stub application you’ve created in your SSO provider and enter the information provided by Demandbase.

Steps: Testing

  1. Confirm the setup steps are complete and ask Demandbase to enable the connector, either for a specific individual conducting the testing or for the whole team.
  2. Test the connection in two ways:

Steps: Deployment

  1. Communicate to your team that their login experience will change to sign in with SSO, and they cannot use other methods.
  2. Create user profiles in Demandbase. 
    Important: Demandbase does not support Just-In-Time Provisioning. For new users, create the user in Demandbase One first. If you want an exception to your tenant-level rule, for example, a contractor with a different email, contact Support to create an exception.
  3. (Optional) If you’re using a system such as OKTA, you can include a Demandbase image file for the tile.

Troubleshooting

If a user is unable to sign in with SSO, check the following:

Was this article helpful?

5 out of 7 found this helpful