Learn how to connect Setyl to your SAML provider of choice, using Okta, Microsoft Azure/Entra and OneLogin as examples
Setyl’s SAML Single Sign-On (SSO) integration provides an added level of security control for your Organization. This guide will walk you through the process of configuring SAML SSO with Setyl.
Although this help article uses Okta, Microsoft Azure and OneLogin as examples of Identity Providers (IdPs), other Identity Providers are likely to be supported, provided they support the SAML 2.0 standard.
Step 0: Before Starting
- Ensure your role within Setyl is “Owner” level. Authentication settings are only visible to this role level.
- Ensure that your Organization subscribes to Setyl’s SAML functionality. If you have the Owner role and your Organization subscribes to Setyl’s SAML service, you will see “SAML SSO” in the list of Authentication options under Settings > Company Settings > Authentication.
- Logos to apply to the SAML connection login screens (right click, save and upload as needed):
Step 1: Enabling the SAML Service within Setyl
- Within your Setyl account, navigate to Settings > Company Settings > Authentication tab.
- Check that the “SAML SSO” toggle is enabled. If the toggle is not visible, SAML is not included in the package for your Organization.
- Click “Add New SAML Integration”.
From this window, please follow the guide specific to your SAML provider below:
Step 2 - Using Okta
- Within Setyl, provide a name for the SAML integration within the SAML Provider Name field, for example, “SAML integration with Okta”.
- In a new tab, log into the Okta Admin console.
- Create a new application for Setyl, selecting SAML as the integration method.
- Copy and paste the “Setyl Metadata URL” from Setyl into the relevant field in the Okta Admin console. This is normally called "Audience URI (SP Entity ID)".
- Copy and paste the “Setyl Single Sign-On URL” from Setyl into the relevant field in the Okta Admin console.
- Choose Email Address as the "Name ID Format" in the Okta Admin Console. Select Email in the "Application username" field.
- Save the Okta configuration and keep the Okta browser tab open.
- Copy the “IdP Metadata URL” field from Okta Admin and input it into the “IdP Metadata URL” field in Setyl.
- Save the new connection by clicking “Add SAML Integration”.
- Enable the new SAML method from within the SAML SSO table.
- Recommended: After testing that the SAML authentication works correctly, disable other authentication methods so that SAML authentication is enforced to access Setyl.
- Optionally: Enable auto-provisioning of the SAML service. This will automatically create a new user within Setyl when provisioned from the SAML provider.
Step 2 - Using Microsoft Azure
- Within Setyl, provide a name for the SAML integration within the SAML Provider Name field, for example, “SAML integration with Microsoft Azure”.
- Navigate to Microsoft Enterprise applications > New Application > Create your own application.
- Name the application, for example, “Setyl SAML Sign In”. Note that “Setyl.com” cannot be used as this is a separate, published app for Setyl’s Microsoft sync.
- Select “Integrate any other applications you don’t find in the gallery (Non-gallery)”.
- Go to Single sign-on > SAML.
- Returning to the Setyl tab, copy the “Setyl Metadata URL” field. Paste this into the Azure > Basic SAML Configuration > Identifier (Entity ID) field.
- Returning to the Setyl tab, copy the “Setyl Single Sign-On URL” field. Paste this into the Azure > Basic SAML Configuration > Reply URL (Assertion Consumer Service URL) field.
- Within the Azure page > SAML Certificates > Copy the “App Federation Metadata Url” field and paste this into the Setyl “IdP Metadata URL” field.
- Save the Setyl SAML configuration by clicking “Add SAML Integration”.
- Within the Azure page > SAML Certificates > ensure that the “Notification Email” is the address at which you receive authentication-related events.
- Within the Azure page, click “Test”.
- Within the Azure page, navigate to “Users and groups” and map the provisioning of the Setyl app to users.
- Enable the new SAML method from within the SAML SSO table.
- Recommended: After testing that the SAML authentication works correctly, disable other authentication methods so that SAML authentication is enforced to access Setyl.
- Optionally: Enable auto-provisioning of the SAML service. This will automatically create a new user within Setyl when provisioned from the SAML provider.
Step 2 - Using OneLogin
- Within Setyl, provide a name for the SAML integration within the SAML Provider Name field, for example, “SAML integration with OneLogin”.
- In a new tab, log in to your OneLogin account and go to your control panel.
- Select "Applications" from the main control panel and click "Add App".
- In the search bar, type "SAML Test Connector" to find a template for a SAML application and select "SAML Test Connector (IdP)".
- Name the application, for example, “Setyl SAML Sign In” and click "Save".
- Select "Configuration" and provide the required information:
  - Audience: Returning to the Setyl tab, copy the “Setyl Metadata URL” field and paste this into the “Audience” field.
  - Recipient: Returning to the Setyl tab, copy the “Setyl Single Sign-On URL” field and paste this into the “Recipient” field.
  - ACS (Consumer) URL Validator: Paste the same “Setyl Single Sign-On URL” from Setyl into the “ACS (Consumer) URL Validator” field.
  - ACS (Consumer) URL: Paste the same “Setyl Single Sign-On URL” from Setyl into the “ACS (Consumer) URL” field. Click "Save".
- Select "SSO", copy the “Issuer URL” shown there and paste it into the Setyl “IdP Metadata URL” field.
- Within Setyl, save the new connection by clicking “Add SAML Integration”.
- Within Setyl, enable the new SAML method from within the SAML SSO table.
- Recommended: After testing that the SAML authentication works correctly, disable other authentication methods so that SAML authentication is enforced to access Setyl.
- Optionally: Enable auto-provisioning of the SAML service. This will automatically create a new user within Setyl when provisioned from the SAML provider.
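
A check for the testing step in each of the Step 2 procedures above (Okta, Microsoft Azure, OneLogin), added here as an example and not Setyl's own code: it confirms that a base64 SAMLResponse from a test sign-in carries the Setyl Metadata URL as Audience, the Setyl Single Sign-On URL as Recipient and Destination, and an email-format NameID. The sp.example.com URLs and the sample responses are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Placeholder values (assumptions): copy the real ones from Setyl's SAML window.
SETYL_METADATA_URL = "https://sp.example.com/saml/metadata"
SETYL_SSO_URL = "https://sp.example.com/saml/acs"

def check_response(b64_response, metadata_url, sso_url):
    """List mismatches in field mapping; does not verify the XML signature."""
    # ElementTree is fine for this constructed input; use a hardened parser
    # such as defusedxml for XML you did not create yourself.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != sso_url:
        problems.append("Destination != Setyl Single Sign-On URL (ACS URL)")
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS)
    if audience.strip() != metadata_url:
        problems.append("Audience != Setyl Metadata URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sso_url:
        problems.append("Recipient != Setyl Single Sign-On URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    return problems

def sample_response(audience, recipient, name_format, name_value):
    """Build a constructed, unsigned SAMLResponse for the checks above."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 Destination="{recipient}"><saml:Assertion><saml:Subject>
 <saml:NameID Format="{name_format}">{name_value}</saml:NameID>
 <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>
 </saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>
 <saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = sample_response(SETYL_METADATA_URL, SETYL_SSO_URL, EMAIL_FORMAT, "user@example.com")
    # Constructed misconfiguration: the two Setyl URLs swapped, NameID left unspecified.
    bad = sample_response(SETYL_SSO_URL, SETYL_SSO_URL,
                          "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "jdoe")
    print(check_response(good, SETYL_METADATA_URL, SETYL_SSO_URL))
    print(check_response(bad, SETYL_METADATA_URL, SETYL_SSO_URL))
```

An empty list means the IdP-side fields match what the steps above configure; each string names one field to revisit in the IdP console.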