Skip to main content
Single Sign-On (SSO)

Learn about single sign-on (SSO) and how it helps manage your organization.

Tiril Uggerud avatar
Written by Tiril Uggerud
Updated over 2 months ago

Single Sign-On (SSO) using Security Assertion Markup Language (SAML) allows users to access Vev through their organization's Identity Provider (IdP), offering enhanced security and a seamless login experience. Vev’s SSO integration is powered by Google Cloud Platform (GCP) Identity Platform, ensuring enterprise-grade security and scalability.

This feature is only available for accounts on the Organization plan. Interested in the feature? Talk to sales.

How SAML SSO Works

When SAML SSO is configured for your account, the login process follows these steps:

  1. User Initiates Login: A user attempts to log in to Vev.

  2. SAML Request Sent: Vev sends a SAML request to the Identity Provider (IdP) associated with the user’s organization.

  3. IdP Validates Credentials: The IdP verifies the user’s credentials and sends a response back to Vev.

  4. Access Granted: Vev processes the response and grants the user access to their account.

Configuring SAML SSO

Identity providers (IdP)

Use any identity provider of your choice. Below are the most popular identity provider platforms:

  • OKTA

  • Azure AD by Microsoft

  • OneLogin

  • ADFS by Microsoft

  • Auth0

  • Google SSO

  • Jumpcloud SSO

How to configure you IdP

You’ll need to configure your Identity Provider (IdP) with the correct settings to establish a secure SSO connection with Vev.

  1. Go to Your Identity Provider's Configuration Section
    Navigate to your IdP's configuration area and follow their instructions to set up single sign-on. Each IdP has its own setup process, so refer to their specific documentation if needed.

  2. Add the Following Metadata
    Use the metadata settings below when configuring your IdP. We recommend skipping any optional fields and leaving any default values as they are:

    • Protocol: SAML 2.0

    • Service URL (SP-initiated URL) (Also known as Launch URL, Reply URL, Relying Party SSO Service URL, Target URL, SSO Login URL, Identity Provider Endpoint, etc.): https://editor.vev.design/sso

    • Assertion Consumer Service URL (Also known as Allowed Callback URL, Custom ACS URL, Reply URL): https://editor.vev.design/__/auth/handler

    • Entity ID (Also known as Identifier, Relying Party Trust Identifier): saml.x + account key (this will be found in your configuration modal)

    • Required Attribute Names: email

    • NameID Format: email

Depending on your IdP, you may need to provide additional details or adjust settings based on these specifications. Reach out to support if you need any assistance in this process.

Enabling SAML SSO in Vev

To enable and configure SAML SSO in Vev, follow these steps:

1. Accessing the SSO Settings

  1. Navigate to Account Settings.

  2. Select the Security tab from the menu.

2. Configuring and Registering Your IdP

Click Set up on the identity provider of your choice:

  • Okta Authentication

  • Custom SAML Provider

The custom SAML provider option is a generic authentication provider for SAML2-based systems, allowing you to manually configure any SAML2-enabled IdP.

You can register your IdP with Vev using one of the following methods:

Using Metadata URL

If your IdP provides a Metadata URL, simply enter it in the provided field. Vev will automatically retrieve all the necessary metadata from the URL.

Using Provider XML

If you have the IdP’s generated metadata file, copy its contents and paste them into the designated text field in Vev. This method allows Vev to configure the necessary settings based on the provided XML data.

Using Provider Data

For a more manual setup, you can enter the required data fields from your IdP directly into Vev. This method involves matching up specific values such as Entity ID, Single Sign-On URL, and x509 Certificate, which can typically be found in the IdP’s metadata file.

4. Finalizing the Setup

Once the settings are configured:

  • All users on your account will need to enable the SAML SSO login method in their Profile settings.

  • Existing users will have three months to switch to SSO login. They will be notified in-app to complete this process.

Logging in via SSO

When users attempt to log in to Vev, they need to click the "Log in using SSO" link on the login page to access the SSO login directly. Once they've entered their email Vev will recognize the login provider associated with the user’s email and initiate the authentication process accordingly.

Important Considerations

  • One SSO Provider Per Account: Only one SSO provider can be enabled per account. Configuring a new provider will overwrite the previous one.

  • SSO Requirement: Once SSO is enabled, all users must use it to access their accounts. Previous credentials will no longer work.

Did this answer your question?