Single Sign-On (SSO) is an account security feature that authenticates users and grants access to applications. Only Facilitators & Referrers can use the SSO feature to log in.
Single Sign-On utilizes Security Assertion Markup Language (SAML 2.0) or OpenID Connect (1.0) protocols to defer user authentication to your chosen IdP and provide identity data for platform access control.
To use Single Sign-On, you must set up a domain with an Identity Provider (IdP) such as OneLogin, Google, Microsoft, or Okta.
Once you have chosen your preferred IdP and are ready to enable SSO for the Payrix Platform, follow the instructions below for the protocol you’re using:
OneLogin Setup
OneLogin - How to Implement SAML
For this example, we will be using OneLogin. Follow your IdP instructions for connection.
Step 1: Access the Single Sign-On menu
In the OneLogin app, access the SAML application and click Configurations.
In the Portal, navigate to Settings > Business Settings (Settings category) > Hosts > Single Sign-On and click the “edit” button.
Select SAML2.0 from the “Single Sign-On Protocol” drop-down and copy the Entity ID and Single Logout URL.
From the Portal, paste the Entity ID and Single Logout URL into the corresponding fields on the Configurations tab in OneLogin.
Click Save in the Configurations tab.
Step 2: Enable OneLogin Single Sign-On
In the OneLogin app, navigate to the SSOtab.
Copy the following fields from OneLogin and paste them in the Portal Single Sign-On menu fields:
OneLogin App (Copy)
Payrix Portal (Paste)
Notes
OneLogin App (Copy)
Payrix Portal (Paste)
Notes
Issuer URL
Entity ID
SAML 2.0 Endpoint (HTTP)
SAML 2.0 Endpoint
SLO Endpoint (HTTP)
Single Logout Service Endpoint
XL509 certificate
XL509
To see the XL509 certificate field in OneLogin, click the “View Details” button.
Step 3: Apply Single Sign-On Configuration
In the Portal, click the checkmark (where the edit button was) to confirm and save the changes.
Navigate to the Profile page and click the Update Single Sign-On button.
Done.
Your new Single Sign-On setup is complete.
OneLogin - How to Implement with OpenID
For this example, we will be using OneLogin. Follow your IdP instructions for connection.
Step 1: Access the Single Sign-On menu
In the OneLogin app, access the OpenID application and click Configurations.
In the Portal, navigate to Settings > Business Settings (Settings category) > Hosts > Single Sign-On and click the “edit” button.
Select OpenID from the “Single Sign-On Protocol” drop-down and copy the Redirect URLs; paste them in the Redirect URLs section of the OneLogin Configurations tab app.
Step 2: Enable OneLogin Single Sign-On
In the OneLogin app, navigate to the SSOtab.
Copy the following fields from OneLogin and paste them into the Portal Single Sign-On menu fields:
OneLogin App (Copy)
Payrix Portal (Paste)
Notes
OneLogin App (Copy)
Payrix Portal (Paste)
Notes
Issuer URL
Entity ID
Client ID
Client ID
Client Secret
Client Secret
Click “show” to reveal the secret to be copied.
Step 3: Apply Single Sign-On Configuration
In the Portal, click the checkmark (where the edit button was) to confirm and save the changes.
Navigate to the Profile page and click the Update Single Sign-On button.
Done.
Your new Single Sign-On setup is complete.
Google
Google - How to Implement SAML
For this example, we will be using Google. Follow your IdP instructions for connection.
Step 1: Setup in Google Admin
From the home page of the Google Admin console, navigate to Apps->SAML Apps and click: Add App > Add custom SAML app.
Add a name into the App Details page.
Download the IdP metadataor Copy the SSO URL, Entity ID, and download the Certificate; then, click Continue.
Step 2: Enable Access to Portal
In the Portal, go to the Single Sign-On menu.
Copy these fields from the Single Sign-On menu and paste them into the Service Provider Details window of the Google Admin console. Then click Finish
Payrix Portal →
Google Admin console
Payrix Portal →
Google Admin console
ACS URL
ACS URL
Entity ID
Entity ID
Start URL
Start URL
Step 3: Turn on your SAML App
From the Google Admin console, go to Apps and select your new SAML app.
Click User Access, then locate the On/Off for Everyone toggle.
On for everyone - Enables SSO with SAML for everyone in your Google organization.
Off for everyone - Disables SSO with SAML for everyone in your Google organization.
When finished, click Save.
Step 3: Enable SSO for a Host
In the Portal, navigate to Settings > Business Settings (Settings category) > Hosts
Locate the desired Hostname and click on their listing. You will be taken to their Profile page.
In the Profile page, click Features, locate Single Sign-On within the menu, and toggle it to On.