Security Assertion Markup Language (SAML) lets users access UpCodes products and services using the same email and password they use for your organization. This means they only need to remember one password, and if they are already signed in to your organization’s network, they will not need to sign in again to access UpCodes.
How can my organization get access to SAML Single Sign-On (SSO)? You have access to SAML Single Sign-On (SSO) if you are on the Professional plan, or if it has been added to your Enterprise org. If you would like to add this to your plan, you can upgrade to the Professional plan or add it to your Enterprise plan.
Why SAML Single Sign-on (SSO)?
Better user experience - Users only need to sign in once, and they do not need to remember multiple passwords. This saves time for users since they are less likely to need a password reset.
Enhanced security - SAML/SSO users have a single point of authentication, so passwords are received and validated only by the identity provider. Since users only need to remember one password, bad security habits such as writing down passwords are minimized.
Streamlined administration - Admins only need to maintain one email/password combo for each user, and password policies applied to the network are also applied to UpCodes services. So if you revoke an employee’s email access, they will also lose access to UpCodes—no need to revoke access to each service individually.
The only identity provider available in UpCodes for SAML is Azure Active Directory (Azure AD). If you use another Identity Provider, please let us know.
Only account owners and admins can set up SAML SSO for their organization.
Step 1: Configure your IDP
If you meet the conditions above, the first step is to configure UpCodes with your identity provider.
You can follow the steps described in this article to find out how to set up SAML for UpCodes with Azure AD.
Step 2: Configure UpCodes
Click on your profile menu in the top right corner and select the option “Security” or click here
Enable Single-sign through SAML by clicking on the toggle
Select the SSO policy
Optional (Recommended for testing)
Upload the "Federation Metadata XML" configuration file and click “Save Details”
Once an Enterprise organization has been set up with SAML, the organization members will no longer need a password to log into their accounts. From the login page, they can click on “Continue with SSO/SAML”, input their email, and be redirected to the sign-in page of their identity provider.
We recommend that an admin for your organization first sets SAML to optional and tries to log in with their SAML credentials. Then after a successful login, the admin can switch the configuration to the required.