Single Sign-on (SSO) allows Memsource users to log in to Memsource via third-party applications. Memsource enables integrations with identity providers (IdPs) compliant with the SAML 2.0 protocol. Existing usernames and passwords remain valid if SSO is deactivated.
Prerequisite: Administrator Login
To enable Single Sign-On, follow these steps:
- From the Settings page, scroll down to the section and click on Details. The page opens.
- Select . Configuration details are presented.
- Complete the following fields:
The first five fields should be completed using information from an IdP. (Configuring SSO for OneLogin.)
- This is used to validate the authenticity of the IdP. Depending on fingerprint generation, it is delimited by either colons or spaces. If authentication is not successful, switch the colons and spaces in the fingerprint to ensure it is correctly applied.
- This value is provided by the IdP to uniquely identify your domain.
- This is the URL that Memsource will call to request a user login from the IdP. The IdP authenticates and logs in users.
- When users log out of Memsource, this URL is called to log them out of the IdP.
- Choose the URL of the web page that users will see when they log out of Memsource, e.g. a list of applications available to them in the IdP.
- Select whether users will identify themselves using a or an address. Memsource requires a unique username by default, but users can opt to use the same email address multiple times. Choosing the option will require users to use a unique email address.
- This field redirects users to the appropriate IdP configured for an SP-initiated SSO flow. It corresponds to the field accessible via Log in with SSO.
- Click Save.
  Settings are applied for the organization.
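The fingerprint described above can be delimited by colons or by spaces. The following added example (not Memsource code) computes a certificate fingerprint in both forms and compares two fingerprints regardless of delimiter and case. The sample certificate bytes are constructed, and the digest algorithm is an assumption, since this page does not say which one Memsource expects.

```python
import base64
import hashlib
import re

# Constructed placeholder bytes standing in for a DER-encoded IdP certificate.
# A fingerprint is a digest over the DER bytes, so no X.509 parsing is needed.
SAMPLE_DER = b"constructed sample bytes, not a real IdP certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(pem: str, algorithm: str = "sha256", delimiter: str = ":") -> str:
    """Hex fingerprint of the certificate, byte pairs joined by `delimiter`."""
    digest = hashlib.new(algorithm, pem_to_der(pem)).hexdigest().upper()
    return delimiter.join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(value: str) -> str:
    """Strip colons and whitespace and lowercase, so delimiter style is ignored."""
    cleaned = re.sub(r"[:\s]", "", value).lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", cleaned):
        raise ValueError("fingerprint is not delimited hex")
    return cleaned


def same_fingerprint(a: str, b: str) -> bool:
    """True when two fingerprints are equal apart from delimiters and case."""
    return normalize(a) == normalize(b)


if __name__ == "__main__":
    # Print both delimiter styles for the digests an IdP commonly displays.
    for algo in ("sha1", "sha256"):
        print(algo, "colons:", fingerprint(SAMPLE_PEM, algo, ":"))
        print(algo, "spaces:", fingerprint(SAMPLE_PEM, algo, " "))
```

Comparing the value computed from the certificate file with the one shown by the IdP confirms that a failed login is a delimiter mismatch and not a different certificate.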
To configure SCIM properties, follow these steps:
Note: If SSO is enabled in your organization, emails sent to any newly created users will not include a password generation link, as the main means of access to Memsource is via SSO.
Options:
- Allow users to change their login credentials
  Uncheck this box to prevent users from editing their usernames, passwords, and emails. This can be used to force users to access Memsource only through SSO (as SSO uses a different authentication method).
- New users mapped to
  Sets the default user role for new users created via SSO. The Linguist role is selected by default.
and the can be used by an IdP to configure Memsource as the recipient application and to establish the connection.
The Organization ID is found in the field at the bottom of the page.
Some SSO providers require an Entity ID / Metadata URL, ACS URL or SLS URL.
If required, use the URLs below for the appropriate data center:
EU Data Center
- Entity ID/Metadata URL: https://cloud.memsource.com/web/saml2Login/metadata/{orgId}
- ACS URL: https://cloud.memsource.com/web/saml2Login/sacs/{orgId}
- (Optional) SLS (Single Logout Service) URL: https://cloud.memsource.com/web/saml2Login/ssls/{orgId}

US Data Center
- Entity ID/Metadata URL: https://us.cloud.memsource.com/web/saml2Login/metadata/{orgId}
- ACS URL: https://us.cloud.memsource.com/web/saml2Login/sacs/{orgId}
- (Optional) SLS (Single Logout Service) URL: https://us.cloud.memsource.com/web/saml2Login/ssls/{orgId}