Skip to main content
Procore

Configure Single Sign On in the Company Admin Tool

Objective

To configure Single Sign On (SSO) in the Company level Admin tool. 

Background

Procore supports both SP- and IdP-initiated SSO:

To assist you with understanding the terms discussed below, here are some definitions:

  • Identity Provider (IdP). This is the service that verifies the identity of your end users (e.g., Okta, OneLogin, or Microsoft Azure AD).
  • Issuer URL (Entity ID). A unique string that identifies the provider issuing a SAML request. 
  • SAML. Short for Security Assertion Markup Language.
  • Service Provider (SP). Procore
  • Target URL. The IdP URL that will receive SAML requests from Procore.
  • x509 Certificate. This is an encrypted digital certificate that contains the required values that allow the SSO service to verify the identities of your users.

Things to Consider

Steps

  1. Navigate to the Company level Admin tool.
    This reveals the Company Settings page.
  2. Under Administrative Settings, click Single Sign On Configuration
    This opens the Single Sign On Configuration page.
    Notes:
    • For specific details on where to get obtain the data to enter, please refer to the appropriate configuration article for your provider using the See Also links below. 
    • The data you enter in the page below is always obtained from the issuer (e.g., Okta, OneLogin, or Microsoft Azure AD).

      admin-sso-configuration.png
    Enter the Single Sign On Issuer URL.
    This is commonly referred to as the the issuer and it is a unique URL that identifies the provider issuing a SAML request.
    • Azure
      • For SP-Initiated SSO, enter the SAML Entity ID from Azure AD here.
      • For IdP-Initiated SSO, Enter the Remove Login URL from Azure AD here.
    • Okta
      • For SP-Initiated SSO, enter the Identity Provider Issuer URL from Okta here. 
      • For IdP-Initiated SSO, enter Enter the Identity Provider Issuer URL from Okta here. 
    • OneLogin
      • For SP-Initiated SSO, enter the Issuer URL from OneLogin here. 
      • For IdP-Initiated SSO, Enter the Issuer URL from OneLogin here. 
  3. Enter the Single Sign On Target URL.
    This is the URL that will receive SAML requests from the provider. 
    • Azure AD
      • For SP-Initiated SSO, enter the SAML Entity ID here.
      • For IdP-Initiated SSO, enter the Remove Login URL here.
    • Okta
      • For SP-Initiated SSO, enter the Identify Provider Single Sign-On URL from Okta here. 
      • For IdP-Initiated SSO, leave this field blank.
    • OneLogin
      • For SP-Initiated SSO, enter the SAML 2.0 Endpoint (HTTP) URL from the SSO tab in Okta here. 
      • For IdP-Initiated SSO, leave this field blank.
  4. Enter the Single Sign On x509 Certificate.
    This is the encrypted digital certificate information.
    • Azure AD
      • For SP-Initiated SSO, enter the certificate data from the SAML XML Metadata file that you downloaded from Azure AD here. 
      • For IdP-Initiated SSO, enter the certificate data from the SAML XML Metadata file that you downloaded from Azure AD here. 
    • Okta
      • For SP-Initiated SSO, enter the X.509 Certificate from Okta here.
      • For IdP-Initiated SSO, enter the X.509 Certificate from Okta here.
    • OneLogin
      • For SP-Initiated SSO, enter the x.509 Cert from OneLogin here. 
      • For IdP-Initiated SSO, enter the x.509 Cert from OneLogin here. 
  5. Click Save Changes.
    The system saves your updates.
  6. Contact your company's Procore point of contact. A final configuration step must be completed by a Procore before you can test your SSO configuration. 

See Also

 

  • Was this article helpful?