Skip to main content

How to Configure SSO Settings in UpKeep

Learn how to configure SSO settings in UpKeep, including user types, profile updates, native login, and reauthentication options

Updated over a week ago

Available On: Enterprise

Once you have set up SAML authentication for Single Sign-On (SSO) in UpKeep, you can configure additional settings to customize user access and authentication behavior. These settings allow you to manage user types, profile syncing, login methods, and session durations for enhanced security and flexibility,

How to Find Your Single Sign-On Settings

To access your SSO settings in UpKeep:

  1. Go to Settings

  2. Select Authentication

  3. Click Configure on the Authentication tab

  4. Your SSO settings will be located at the bottom of the page

Single Sign On Settings

When troubleshooting SSO issues in UpKeep, there are several key steps to consider. Understanding how to verify your SSO provider configuration, resolve Company ID issues, and test your SSO setup can ensure a smooth and secure login process.

Default User Type

This setting determines the type of user that will be created when they log in via SSO. You can either specify a default user type here or pass it in the SAML attributes as accountType

Supported values:

  • ADMIN – Full administrative access.

  • TECH – Technician-level access.

  • VIEW_ONLY – Read-only access.

  • REQUESTER – Limited access for submitting requests.

Update Profile Each Time a User Logs In

When enabled, UpKeep will sync available user profile fields from your identity provider (IdP) every time a user logs in. This ensures that user details stay updated with your organization's identity management system.

Enable Native Login

Enabling this setting allows users to log in using either SSO or their UpKeep username and password. If disabled, users must authenticate exclusively through SSO.

Force User to Reauthenticate

When enabled, users will be automatically logged out after a specified duration, requiring them to reauthenticate via SSO. This enhances security by ensuring periodic revalidation of user sessions.

Troubleshooting SSO Issues in UpKeep Asset Operations

Single Sign-On (SSO) is a crucial feature to streamline authentication in UpKeep Asset Operations. Troubleshooting SSO issues effectively can ensure a smooth login experience for your team.

Step 1: Verify Your SSO Provider Configuration

Ensure your Identity Provider (IdP), such as Okta, Azure AD, or others, is correctly configured. Follow these steps:

  1. Set Up the SSO Provider in UpKeep:

    • Go to Settings > Authentication.

    • Configure your IdP settings under Configure SSO. Specific fields may include:

      • Identifier (Entity ID): https://app.onupkeep.com

      • Reply URL (ACS URL): Example: https://api.onupkeep.com/auth/saml/[YourCompanyIdentifier]

      • Name ID Format: Typically emailAddress.

      • Other Attributes: Map elements like email, first name, and last name as required.

  2. Upload Certificates: Ensure the public certificate from your IdP is correctly uploaded within UpKeep’s SSO settings. Accuracy in copying details from your IdP to UpKeep is crucial.### Step 2: Resolve Issues with Company ID in SSO Login Your organization's unique Company ID is essential for SSO authentication to ensure users can log in directly. If issues arise with Company ID, set up a direct login link as follows:

  3. Navigate to your Company Settings in UpKeep.

  4. Open the Authentication section.

  5. Locate your unique Company Identifier in the SSO Configuration settings.

  6. Use this specialized URL format to create a direct login link for your team:

       https://app.onupkeep.com/web/login/sso?companyId=[YourCompanyIdentifier]

  7. Replace [YourCompanyIdentifier] with your actual company identifier.

  8. Share the direct link with your team for simplified access without the need to manually input the Company ID.### Step 3: Complete and Test Your SSO Setup

  9. Finalize Your UpKeep Configuration:

    • Log in to your UpKeep admin portal.

    • Navigate to Settings > Authentication > Configure. Confirm all details match your IdP configurations.

  10. Test the Setup:

    • Use the configured direct login link or navigate to the UpKeep login page.

    • Attempt to log in through your SSO provider. For example:

      • Input any credentials required by your IdP.

      • Verify that users are redirected successfully to UpKeep post-authentication.

  11. Submit and Save Configuration: Test the setup thoroughly before submitting. Ensure roles, such as Admin/Editor/View Only, are assigned to the correct users.### External Resource For additional help on creating a direct login link for SSO authentication, refer to the guide: How to Create a Direct Link for SSO Authentication.

Related Articles
How to set up Single Sign On (SSO) - Okta
How to set up Single Sign On with ADFS
Verifying SSO using Azure SSO for UpKeep
How to Create Custom Roles for UpKeep Users
How To Create a Direct Link For SSO Authentication
Did this answer your question?