Signing in with Single Sign On (SSO) is one of four ways to sign into Demandbase One (SSO, password, Google, or Salesforce). If you set up your users to sign in with SSO, the other methods become unavailable to them. See Log in to Demandbase One for further detail.
In order to connect to the Demandbase Platform, you must:
- Hold an Enterprise-level Platform license
- Use an SSO system that supports SAML 2.0, such as OKTA
- Be able to input a Relay State URL (usually only a challenge for homegrown solutions)
Step 1. Create a stub application in the SSO provider system.
Step 2. Provide the following information to your Implementation team:
- IdP Issuer URI
- IdP Single Sign-On URL
- IdP Signature Certificate
- Email domain used by the company (e.g., @demandbase.com or @an.demandbase.com)
Step 3. The Demandbase team will create a corresponding Identity Provider and Routing Rules, then share the following information back with you:
- Assertion Consumer Service URL
- Audience URI
- Relay State URL
Step 4. Go to the stub application you’ve created in your SSO provider and enter the information provided by Demandbase to finish configuring the connection.
Step 5. Confirm that the setup steps are complete and ask Demandbase to enable the connector, either for a specific individual conducting the testing or for the whole team.
Step 6. Test the connection in two ways:
- Navigate to the Demandbase Platform from your SSO homepage
- Log out of your SSO and navigate to https://web.demandbase.com
Step 7. Communicate to the team that their login experience will change to sign in with SSO, and they cannot use other methods.
Step 8. Make sure to create users before their SSO connection will work. (Some SSOs use Just-In-Time Provisioning, which Demandbase does not support. For new employees, create the user in Demandbase One before they can log in. If you want an exception to your tenant-level rule, for example, a contractor with a different email, contact Support to create an exception.)
Step 9 (Optional). If you’re using a system such as OKTA, you can include a Demandbase image file for the tile.
If a colleague is unable to sign in with SSO, check these first: