SAML enables you to login to multiple software platforms from one central location, meaning you don’t have to remember multiple usernames and passwords. SAML will authenticate your accounts and enable your systems to communicate and to authenticate users from one to the other.
It’s also a powerful onboarding tool: Accounts can be set up automatically with auto user provisioning. Users can be mapped to Conga Collaborate just by logging in using their Identity Providers credentials, instead of having to set up hundreds of user accounts within Conga Collaborate.
CONNECTING FROM Conga Collaborate
Follow these steps to connect SAML to your Conga Collaborate account:
- Click on your User Drop down -> Administration
- Click Integrations
- Choose SAML from the Integrations menu.
- Click the checkbox next to Enable SAML.
- Fill out the following fields according to your Identity Provider’s (IdP) documentation:
- Provider Name – This field is for your reference so name it something familiar to you or any other Account Admins
- IDP SSO Target URL
- IDP Certificate Fingerprint – You can optionally upload a certificate provided by your IdP
- The remaining fields are optional and vary depending on individual IdPs. Please refer to your particular IdP’s documentation.
- Click Save Changes
Alternatively, you can utilize the Metadata URL field to have Conga Collaborate automatically pull the required information directly from your IdP. This URL would be provided by your IdP. The metadata file will contain all required information about your particular IdP’s configuration.
Authentication: Conga Collaborate will utilize the Subject NameID field within the SAML assertion to authenticate with the specific Conga Collaborate user. Conga Collaborate will match on an email address or username, but an email address is preferred. Please ensure you are passing NameID in the Subject or you will get the following error message: “No associated Conga Collaborate account was found. Please contact your account administrator.”
CONNECTING FROM YOUR IDP
The SAML Configuration Information at the bottom of the SAML Integration page should contain the URLs that your IdP will require when setting up the integration.
Automatically Initiate SP Login – by enabling this setting your users navigating to the https://[accountname].octiv.com (or your custom domain) will be automatically redirected to your IdP log in screen. If your users will only ever log into Conga Collaborate through your IdP you should likely enable this option.
Auto-Provision users – by enabling this option Conga Collaborate will automatically create users within your Conga Collaborate account for any user that tries to log in and does not already match a current Conga Collaborate user. Conga Collaborate will make its best guess from the SAML Attributes provided and associate to the proper User fields within Conga Collaborate. However, if you want to specify the actual fields to use, you can utilize the Attribute Mapping fields directly below the Auto-Provision Users setting
Using this integration through Conga Collaborate and Salesforce (for example) makes Salesforce the Identity Provider (IdP). After you enable this integration, you see a separate link asking you to sign on using Salesforce. Entering your credentials confirms you as the user and redirects you to Conga Collaborate.
After sign-in, you’re authenticated by SAML and have reached out to all service providers involved.
Using SAML can also auto-provision users in Conga Collaborate, meaning that all accounts are managed via the identity provider. Use the auto-provision toggle to set this feature.
Because your email address is your user identification, you need to make sure you’re using the same one in all the systems you connect.
You can use any SAML 2.0 identity provider, including Salesforce, Microsoft ADFS, Okta, and Onelogin.
Conga Collaborate supports the Google oAuth2.0 protocol for authentication and authorization. See Google’s documentation on this here.