Double-check your SSO configuration before you click Save on the SSO settings page. When you click Save, Make enables SSO with the settings you provided and logs you out immediately. You cannot log in with your credentials anymore.
Log in to your Make White Label instance.
Go to Administration > System settings.
Select an SSO type.
None - default option indicating that SSO is turned off.
OAuth 2.0
Select this option for OpenID Connect (OIDC).
SAML
Fill in the protocol-specific information as described in the tables following this procedure.
Enter an IML resolve. The IML resolve maps necessary data, such as ID, name, and email, between Make and your identity provider.
Under SSO Options, define whether and how your instance assigns new users to organizations. You can choose from the following options:
Don't create a new organization.
This option only creates a new user. That new user has no access to the scenario editor or other features. You must manually add the new user to an organization.
Create a new organization and team.
This option is similar to what happens to Make users on the public cloud. They receive their own organization and can create scenarios as they like.
Assign to an existing organization and team.
This option requires entering the organization ID number and team ID number. An example use case is users within the same company. Each new user joins the organization and can only access their assigned organization and team.
Click Save.
Make enables SSO with the settings you provided and logs you out immediately. You can now log in with your SSO provider credentials. At the same time, you receive an email with a one-time link, which you can click to disable SSO. Use the one-time link within 24 hours before it expires. After 24 hours you must contact your customer success specialist.
When logging in using SSO for the first time, you must use an account that has the same email address as the account that you used to configure SSO. Make sure that you assign the same email address to the user in your identity provider.
OpenID Connect (OAuth 2.0) settings
The following fields appear once you select OAuth 2.0 from the SSO menu:
SAML 2.0 settings
Create your service provider primary key and certificate
Your Make White Label instance signs and verifies SAML 2.0 requests with the primary key and certificate that you provide.
Use openssl or similar, as in the following example:
openssl req -newkey rsa:2048 -new -nodes -x509 -keyout key.pem -out cert.pem
This example creates two separate files that you can extract into the following fields:
Service provider primary key
Service provider certificate
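Because saving a wrong SSO configuration logs you out immediately, it is worth confirming that the two files belong together before pasting them into these fields. The following is an added example, not part of the Make documentation: it runs the page's command non-interactively with an explicit validity period (openssl req -x509 defaults to 30 days when -days is omitted), then checks that the certificate matches the key and has not expired. The function names, the common name, and the 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example, not from the Make documentation. key.pem / cert.pem follow
# the page's command; the CN value and 365-day validity are assumptions.

# Generate the SP private key and self-signed certificate without prompts.
# usage: gen_sp_keypair <dir> <common-name> [days]
gen_sp_keypair() {
    gsk_dir=$1; gsk_cn=$2; gsk_days=${3:-365}
    (
        umask 077   # key.pem is created readable by the owner only
        openssl req -newkey rsa:2048 -new -nodes -x509 \
            -days "$gsk_days" -subj "/CN=$gsk_cn" \
            -keyout "$gsk_dir/key.pem" -out "$gsk_dir/cert.pem"
    )
}

# Succeed only if the certificate carries the public half of the key.
# usage: sp_pair_matches <key.pem> <cert.pem>
sp_pair_matches() {
    spm_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    spm_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$spm_key" ] && [ "$spm_key" = "$spm_crt" ]
}

# Succeed only if the certificate is still valid <days> from now.
# usage: sp_cert_valid_for_days <cert.pem> <days>
sp_cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Typical run before pasting the two files into the SSO settings page:
#   gen_sp_keypair . sso.example.test 365
#   sp_pair_matches key.pem cert.pem && sp_cert_valid_for_days cert.pem 30
```

Keep key.pem out of version control and shared folders; only cert.pem is meant to be handed to the identity provider.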
Create URLs for your instance as a service provider
To configure SSO on your identity provider, you need to provide URLs. The following are examples using the base domain https://example.celonis.integromat. Adjust them according to the domain of your instance.
SAML ACS URL:
https://example.celonis.integromat.com/sso/saml
SAML Entity Information URL (also known as Audience Restriction URL):
https://example.celonis.integromat.com/sso/saml
Create and enter Login IML resolve
To support a broad choice of identity providers (IdPs), Make lets you map values related to identifying users. The IML resolve maps the values from your IdP to Make's internal values by using IML, a JavaScript-based function notation. Your IML resolve must be specific to your IdP. You must map the following properties:
Example
In the following example, the resolve maps the following values: