SalesLoft supports the use of single sign-on identity providers (also called SSO). These are session and user authentication services, such as OneLogin, Okta, or Active Directory, that permit a user to use one set of login credentials to access multiple applications.
In this article, we provide a walkthrough of how to set up several popular IdPs, including:
- Set Up Your Single Sign-On Provider
- Enabling and Disabling Single Sign-On via SAML
- SSO via Google OpenID Connect
- What If My Solution Is Not Listed?
- SSO Troubleshooting
SalesLoft currently has single sign-on via SAML setup capabilities with the following IdPs:
- Okta Instructions
- Salesforce IdP Instructions
- OneLogin Instructions
- Google SSO Through SAML Instructions
- Microsoft Azure Instructions
Please click the appropriate link to view step-by-step instructions for setting up your single sign-on provider.
SalesLoft also supports SSO via Google OpenID Connect.
Once everything is set up on the application end, you can enable single sign-on in your SalesLoft account. The instructions are labeled on the Single Sign-On Settings page under the SAML tab. For a detailed walkthrough of the instructions, follow these steps:
1. Go to the SalesLoft Single-Sign On Settings page. Click the Upload File button to upload the metadata file from your provider.
2. Click Enable SSO via SAML to apply it to your entire team. Things to Note: this will take effect immediately for all team members!
3. After you enable SSO, a pop up will appear with testing instructions. Follow the instructions in the pop up to test that your configuration is correct.
Once you've enabled SSO, you may disable it at any time from the same settings page.
SSO via Google OpenID Connect
OpenID Connect is an authentication protocol built with the goal of making single sign-on simple, easy to set up, and unlike SAML, requiring zero configuration.
SalesLoft offers OpenID Connect for teams that authenticate with Google.
Things to Note: This feature can be enabled for any team that signs in to SalesLoft using Gmail or G Suite email addresses.
To enable SSO via Google OpenID Connect, follow these steps:
- Go to the SalesLoft Single Sign-On Settings page.
- Select the SSO via Google OpenID Connect tab.
- Click the button Enable SSO via Google OpenID Connect.
Once connected, the Single Sign-On label at the top of the page will be followed by a green icon that designates which SSO option is enabled for your team.
If you are using an internal IdP solution or another IdP not listed here, these are the credentials typically used for setup (please contact SalesLoft Support if we do not list a credential you need):
- Audience/Audience URI: SalesLoft
- Recipient/ACS URL/Single Sign-On URL: https://accounts.salesloft.com/auth/saml-callback
- ACS (Consumer) URL Validator: ^https:\/\/accounts\.salesloft\.com
- Entity Id: SalesLoft
- Name Id Format: Email address
Relay State is not required: If you have an existing Relay State, then you may leave it as is. If you are configuring SAML/SSO for SalesLoft for the very first time, it is advised to leave the Relay State blank.
"ACS Url in request [...] doesn't match configured ACS Url [...]" This error message is due to the RelayState. RelayState is not required in the ACS URL. If you previously had a RelayState in the ACS URL, you may need to remove it.
I get an error message that says, "Sorry, you can't access SalesLoft because you are not assigned this app in Okta" when I click "Test Login." This means you have not assigned this application to your profile during setup in Okta. Go back to this step and assign the app, and then try again.
I get an error message that says, "There was an error while trying to parse your metadata file. Please try again." Typically this happens when you uploaded the wrong file or file type, such as a CSV. Please check that you are uploading the metadata XML file you downloaded from Okta. This could also happen if your metadata file is corrupted; when this happens, you can usually re-download a fresh copy of the metadata file and try again.