Security Assertion Markup Language (SAML) lets users access UpCodes products and services using the same email and password they use for your organization. This means they only need to remember one password, and if they are already signed in to your organization’s network, they will not need to sign in again to access UpCodes.
How can my organization get access to SAML Single Sign-On (SSO)?
SAML Single Sign-On (SSO) is available as a part of UpCodes Professional subscriptions.
Click here to upgrade your plan to UpCodes Professional.
If you are an UpCodes Enterprise customer, contact our Sales team or your Customer Success Manager to upgrade your subscription.
Why SAML Single Sign-on (SSO)?
Better user experience - Users only need to sign in once, and they do not need to remember multiple passwords. This saves time for users since they are less likely to need a password reset.
Enhanced security - SAML/SSO users have a single point of authentication, so passwords are received and validated only by the identity provider. Since users only need to remember one password, bad security habits such as writing down passwords are minimized.
Streamlined administration - Admins only need to maintain one email/password combo for each user, and password policies applied to the network are also applied to UpCodes services. So if you revoke an employee’s email access, they will also lose access to UpCodes—no need to revoke access to each service individually.
SAML Authentication
The only identity provider available in UpCodes for SAML is Azure Active Directory (Azure AD). If you use another Identity Provider, please let us know.
Only account owners and admins can set up SAML SSO for their organization.
Step 1: Configure your IDP
If you meet the conditions above, the first step is to configure UpCodes with your identity provider.
You can follow the steps described in this article to find out how to set up SAML for UpCodes with Azure AD.
Step 2: Configure UpCodes
1. Click on your profile menu in the top right corner and select the option Security
2. Enable Single-sign through SAML by clicking on the toggle
3. Select the SSO policy
a. Optional (Recommended for testing)
b. Required
4. Upload the "Federation Metadata XML" configuration file and click “Save Details”
Additional tips:
Once an Enterprise organization has been set up with SAML, team members will no longer need a password to log into their accounts. From the login page, they can click on “Continue with SSO/SAML”, input their email, and be redirected to the sign-in page of their identity provider.
Follow the steps below to add members to your team account after you have SAML SSO set up for your account:
Self-Registration enabled
If a user has an active UpCodes account and an active subscription, they will need to cancel their subscription before they can be added to a team subscription. After they have canceled their subscription, they can click the self-registration link and then continue to log in using SSO.
If a user has an active UpCodes account but no active subscription, they can click on the self-registration link and then log in using SSO.
If a user does not have an UpCodes account, clicking the self-registration link will allow them to create one, following which they can log in using SSO.
Self-Registration disabled
If a user has an active UpCodes account and an active subscription, they will need to cancel their subscription before they can be added to a team subscription. After they have canceled their subscription, they can be added to the team subscription from the Users page, following which they can log in using SSO.
If a user has an active UpCodes account but no active subscription, they can be added to a team account as a member from the Users page by an account owner/admin, and continue to log in using SSO.
If a user does not have an UpCodes account, they will receive an invite to create an UpCodes account and join the team account as a member.
We recommend that an admin for your organization first sets SAML to optional and tries to log in with their SAML credentials. Then after a successful login, the admin can switch the configuration to the required.