It is finally possible to set up SAML SSO with monday.com! This article walks you through all the steps in the process. 3, 2, 1... go!
What is SAML?
Security Assertion Markup Language (SAML) gives users access to monday.com (the service provider, or SP) through an identity provider (IDP) of your choice. It works by transferring the user's identity from one place (the identity provider) to another (monday.com). Enabling SAML through monday.com can be done in a few easy steps!
Step 1: Configure your identity provider
The first step here is to set up a connection for monday.com SSO (also known as a connector) with your IDP. We are currently working with two main providers: OKTA and OneLogin, but you also have the option to use your own provider.
- To enable SAML using OKTA, please click here.
- To enable SAML using OneLogin, please click here.
- To enable SAML using Azure AD, please click here.
- To enable SAML using custom SAML 2.0, please click here.
Step 2: Set up SAML SSO for monday.com
Once you've configured your identity provider, you just need to enable SAML in monday.com:
- Sign in to monday.com and go to the Admin section
- Select Security and make sure to click on "open" next to SAML
- Fill in the details from your IDP
Note: If your organization wants to send encrypted SAML responses, select "Enable Monday Certificate". This provides the public encryption certificate to enter into the IdP, which ensures that monday.com will be able to decrypt the SAML response.
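To confirm that encryption is actually in effect, you can capture the SAMLResponse form field from a test login and check whether it carries an EncryptedAssertion instead of a readable Assertion. The script below is an added example, not monday.com code: the two sample responses are constructed, and it assumes the HTTP-POST binding, where the field is base64-encoded XML.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def assertion_protection(saml_response_b64):
    """Classify a captured HTTP-POST SAMLResponse as encrypted or plaintext."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A legitimate SAML message has no need for a DTD; refuse rather than parse it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    plain = root.findall(f"{{{SAML}}}Assertion")
    encrypted = root.findall(f"{{{SAML}}}EncryptedAssertion")
    status = ("mixed" if plain and encrypted else "encrypted" if encrypted
              else "plaintext" if plain else "none")
    # Anything listed below is readable by whoever can see the browser POST.
    return {
        "status": status,
        "name_ids": [n.text for a in plain for n in a.iter(f"{{{SAML}}}NameID")],
        "attributes": [x.get("Name") for a in plain
                       for x in a.iter(f"{{{SAML}}}Attribute")],
    }

def _sample(body):
    """Wrap a constructed assertion body in a Response and base64-encode it."""
    xml = f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">{body}</samlp:Response>'
    return base64.b64encode(xml.encode()).decode()

# Constructed samples, not real IdP output.
PLAIN = _sample(
    "<saml:Assertion><saml:Subject><saml:NameID>user@example.com</saml:NameID>"
    '</saml:Subject><saml:AttributeStatement><saml:Attribute Name="Email"/>'
    "</saml:AttributeStatement></saml:Assertion>")
ENCRYPTED = _sample(
    '<saml:EncryptedAssertion><xenc:EncryptedData '
    'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherData>'
    "<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>"
    "</xenc:EncryptedData></saml:EncryptedAssertion>")

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(name, assertion_protection(sample))
```

A "plaintext" or "mixed" result after enabling the certificate means the IdP connector is not yet encrypting assertions with it.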
Step 3: Provisioning
By default, monday.com uses just-in-time provisioning, meaning the user is created in monday.com upon first login if they do not already exist.
If you wish to enable full provisioning, please generate the token and follow your IDP's instructions to enable this. Monday.com supports IDP Initiated Flow or SP Initiated Flow.
What will happen once your SSO is enabled?
When you've finished setting up your SSO, each member will receive an email letting them know about the change. The email will prompt members to connect their monday.com accounts with your identity provider. From now on, all members will sign in to monday.com with their identity provider account.
Common errors after signing into your SSO provider
Some users might experience difficulties and not be able to use SSO. For example, after entering the user's credentials on the login page of the SSO provider, instead of being redirected back to the monday.com page, the user gets an error message saying that the signed-in user '[email protected]' is not assigned to a role for the application (the wording might be slightly different depending on the SSO provider). This means that the Admins of the account should go into the SSO provider your team is using and assign/add this user to the monday.com account.
If you have any further questions about setting up SSO with monday.com, feel free to reach out to our customer success team anytime right here.