Admin Setup

Single Sign-On

Available in:

  • Ultimate and Enterprise editions
    Get in touch with Sales for licensing questions.  

Single Sign-on (SSO) allows Memsource users to log in to Memsource via third-party applications. Memsource enables integrations with identity providers (IdPs) compliant with the SAML 2.0 protocol.

Enabling Single Sign-On

Prerequisite: Administrator Login

To enable Single Sign-On, follow these steps:

  1. From the Setup ( ) page, scroll down to the Single Sign-On section. Click on Details.
    The Single Sign-On page opens.
  2. Select the Enable SSO for your organization radio button.
    Configuration details are presented.
  3. Complete the following fields:
    The first five fields should be completed using information from an IdP provider. (For more information about configuring SSO for Onelogin, see OneLogin documentation.)
    • Certificate Fingerprint: This is used to validate the authenticity of the IdP.
      Depending fingerprint generation, it is delimited by either colons or spaces. If authentication is not successful, switch the colons and spaces in the fingerprint to ensure it is correctly applied.
    • Certificate Fingerprint Algorithm: Select from SHA-1, SHA-256, SHA-384 or SHA-512.
    • Issuer URL: This value is provided by the IdP to uniquely identify your domain.
    • SAML 2.0 Endpoint (HTTP): This is the URL that Memsource will call to request a user login from the IdP. The IdP authenticates and logs in users.
    • SLO Endpoint (HTTP): When users log out of Memsource, this URL is called to log them out of the IdP too.
    • Landing URL (Optional): Choose the URL of the web page that users will see when they log out of Memsource.
    • Key User Identifier: Select whether users will identify themselves using a USERNAME or an EMAIL address. Note: Memsource requires a unique username by default, but users can opt to use the same email address multiple times. Choosing the EMAIL option will require users to use a unique email address.
  4. Apply severity ratings.
  5. Click Save.
    Settings will be applied to workflow steps in which LQA is enabled.

SCIM Configuration

To configure SCIM properties, follow these steps:

  1. Select the Enable SCIM radio button.
    SCIM configuration details are presented.
  2. Click Generate New Token.
    The SCIM Bearer Token field is populated with a unique token.
  3. Copy the token and the SCIM Base URL.
    These will be used in identity provider settings.
  4. Click Save.
    Configuration is saved.

User Management


  • Allow users to change their login credentials: Uncheck this box to prevent users from editing their usernames, passwords, and emails. Can be used to force users to access Memsource only through SSO (as SSO uses a different authentication method).
  • New users mapped to: Sets default new user role for new users created via SSO: Linguists, Project Managers, or Submitter. The Linguist role is selected by default.

Application Details

Organization ID and the Domain URL can be used by an IdP to configure Memsource as the recipient application and to establish the connection.

Some SSO providers require Entity ID / Metadata URL, ACS URL or SLS URL.
If required, use:

Was this article helpful?



Please sign in to leave a comment.