If you are using the G Suite it is possible to set up Single Sign On to allow your platform users easy access to eloomi if they are already logged into the Google Suite.
Setting up SSO using G Suite:
In eloomi you go to Admin > Settings > SSO Details
Here you will need to add information from your Google Admin Console and press Apps :
Choose SAML apps and press "plus" to add a new app and choose "set up my own custom app"
Setting up eloomi app
Setting up the eloomi app in Google Suite will give you information that should be copied and pasted to the eloomi set up page:
- SSO URL
- Entity ID
- Certificate (that needs to be downloaded first)
*Make sure you save these as we will need them at the end of the process when we setup SSO on the eloomi side of things
There are more settings that need to be set up in eloomi, but we will go through those at the end.
To configure the App add a name and description (not mandatory):
Next step in the configuration is to add Service Provider Details from eloomi:
Next step is to "Add New Mapping"
The initial word should correspond to the field "SSO LOGIN ATTRIBUTE" in the eloomi SSO settings. The next two fields should be set to "Basic information" and "Primary Email".
After, click finish and you will be greeted with a warning that reminds you to setup the corresponding settings in eloomi. We will do that too, but we are not quite done in Google yet!
Once you have dismissed the warning you will be shown a quick overview of the new app. At the top right click "EDIT SERVICE".
We are now at the point where we need to enable it.
Depending on the size and needs of your organisation you might want to only enable for certain departments. The first view will allow you to enable it for everyone in your G Suite organisation. On the left-side you can make this more granular. Don't forget to click "SAVE" once you have enabled it.
Now we will got back into the SSO settings in eloomi. They can be found by clicking "Admin" in the top bar, followed by "Settings" and then "SSO Details". It does require admin access to make the change.
Below you can see a list of the required settings:
"SSO HOST" corresponds to "SSO URL" found in Google
"SSO ENTITY ID" corresponds to "Entity ID" found in Google
"X509 CERTIFICATE" corresponds to the downloaded certificate in Google. Copy all the content into this field including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
"EMAIL LOGIN ATTRIBUTE" should correspond with what was put into the mapping in Google.
Click save and you can now login using Google.