Single Sign-On

Available for

Ultimate and Enterprise editions

Get in touch with Sales for licensing questions.

Single Sign-on (SSO) allows Memsource users to log in to Memsource via third-party applications. Memsource enables integrations with identity providers (IdPs) compliant with the SAML 2.0 protocol. Existing usernames and passwords remain valid if SSO is deactivated.

Enable Single Sign-On

Prerequisite: Administrator Login

To enable Single Sign-On, follow these steps:

From the Settings page, scroll down to the Single Sign-On section and click on Details.

The Single Sign-On page opens.
Select Enable SSO for your organization.

Configuration details are presented.
Complete the following fields:

The first five fields should be completed using information from an IdP. (Configuring SSO for OneLogin.)
- Certificate Fingerprint
  
  This is used to validate the authenticity of the IdP. Depending on fingerprint generation, it is delimited by either colons or spaces. If authentication is not successful, switch the colons and spaces in the fingerprint to ensure it is correctly applied.
- Certificate Fingerprint Algorithm
- Issuer URL
  
  This value is provided by the IdP to uniquely identify your domain.
- SAML 2.0 Endpoint (HTTP)
  
  This is the URL that Memsource will call to request a user login from the IdP. The IdP authenticates and logs in users.
- SLO Endpoint (HTTP)
  
  When users log out of Memsource, this URL is called to log them out of the IdP.
- Landing URL (Optional)
  
  Choose the URL of the web page that users will see when they log out of Memsource, e.g. a list of applications available to them in the IdP.
- Key User Identifier
  
  Select whether users will identify themselves using a USERNAME or an EMAIL address. Memsource requires a unique username by default, but users can opt to use the same email address multiple times. Choosing the EMAIL option will require users to use a unique email address.
- Domain name
  
  This field redirects users to the appropriate IdP configured for an SP-initiated SSO flow. It corresponds to the field Company domain accessible via Log in with SSO.
Click Save.

Settings are applied for the organization.

SCIM Configuration

To configure SCIM properties, follow these steps:

Select Enable SCIM.

SCIM configuration details are presented.
Click Generate New Token.

The SCIM Bearer Token field is populated with a unique token.
Copy the token and the SCIM Base URL.

These will be used in identity provider settings.
Click Save.

Configuration is saved.

User Management

Note: If SSO is enabled in your organization, emails sent to any newly created users will not include a password generation link as the main means of access to Memsource is via SSO.

Options:

Allow users to change their login credentials

Uncheck this box to prevent users from editing their usernames, passwords, and emails. Can be used to force users to access Memsource only through SSO (as SSO uses a different authentication method).
New users mapped to

Sets default user role for new users created via SSO. The Linguist role is selected by default.

Application Details

Organization ID and the Domain URL can be used by an IdP to configure Memsource as the recipient application and to establish the connection.

The Organization ID is found in the Organization ID field on the bottom of the Single Sign-On page.

Some SSO providers require Entity ID / Metadata URL, ACS URL or SLS URL.

If required, use the below URLs for your appropriate datacenter:

EU Data Center

Entity ID/Metadata URL:

https://cloud.memsource.com/web/saml2Login/metadata/{orgId}
ACS URL:

https://cloud.memsource.com/web/saml2Login/sacs/{orgId}
(Optional) SLS (Single Logout Service) URL:

https://cloud.memsource.com/web/saml2Login/ssls/{orgId}

US Data Center

Entity ID/Metadata URL:

https://us.cloud.memsource.com/web/saml2Login/metadata/{orgId}
ACS URL:

https://us.cloud.memsource.com/web/saml2Login/sacs/{orgId}
(Optional) SLS (Single Logout Service) URL:

https://us.cloud.memsource.com/web/saml2Login/ssls/{orgId}