Skip to main content

How to Configure SSO Settings in UpKeep

Learn how to configure SSO settings in UpKeep, including user types, profile updates, native login, and reauthentication options

Updated over 2 weeks ago

Available On: Enterprise

Once you have set up SAML authentication for Single Sign-On (SSO) in UpKeep, you can configure additional settings to customize user access and authentication behavior. These settings allow you to manage user types, profile syncing, login methods, and session durations for enhanced security and flexibility,

What is Single Sign-On (SSO)?

Single Sign-On (SSO) is a login functionality that allows team members to access their work systems using one secure company-provided login account, such as Google Workspace or Microsoft Azure credentials. With SSO, there’s no need to remember individual passwords for various platforms, which makes it both convenient and secure.

Benefits of SSO

Here are the primary advantages of implementing SSO for organizations:

  • Simplified Login Process: Employees only need to remember one password, reducing complexity and saving time during login. This is especially useful for companies managing multiple tools or software platforms.

  • Enhanced Security: By requiring secure company-managed credentials, SSO minimizes the risks associated with weak, reused, or forgotten passwords.

  • Increased Productivity: Less time spent on login issues translates to more time focused on work.

  • Scalability and Integration: SSO can streamline access regardless of the organization’s size or setup, making it suitable for businesses of all scales and industries.

This includes supporting identity providers such as Azure Active Directory (Azure AD), which enhances integration and role management capabilities.

How Does SSO Work?

Here’s an overview of how Single Sign-On operates:

  1. A user attempts to access a platform that supports SSO.

  2. The platform redirects the user to a central identity provider (e.g., Google or Microsoft) for authentication.

  3. The user logs into the provider with their usual credentials.

  4. Once authenticated, the identity provider grants access across different connected tools without requiring the user to log in again.

This seamless process ensures that users enjoy a smooth and secure experience without the constant hassle of entering credentials.

How to Find Your Single Sign-On Settings

To access your SSO settings in UpKeep:

  1. Go to Settings

  2. Select Authentication

  3. Click Configure on the Authentication tab

  4. Your SSO settings will be located at the bottom of the page

Single Sign On Settings

When troubleshooting SSO issues in UpKeep, there are several key steps to consider. Understanding how to verify your SSO provider configuration, resolve Company ID issues, and test your SSO setup can ensure a smooth and secure login process.

Specific configurations such as integrating with Azure AD can streamline your login process and align with organizational requirements.

Default User Type

This setting determines the type of user that will be created when they log in via SSO. You can either specify a default user type here or pass it in the SAML attributes as accountType

Supported values:

  • ADMIN – Full administrative access.

  • TECH – Technician-level access.

  • VIEW_ONLY – Read-only access.

  • REQUESTER – Limited access for submitting requests.

  • A "Limited Admin" role is not supported via SSO. You can use existing roles such as ADMIN or TECH to achieve similar access control.

Update Profile Each Time a User Logs In

When enabled, UpKeep will sync available user profile fields from your identity provider (IdP) every time a user logs in. This ensures that user details stay updated with your organization's identity management system.

Enable Native Login

Enabling this setting allows users to log in using either SSO or their UpKeep username and password. If disabled, users must authenticate exclusively through SSO.

Force User to Reauthenticate

When enabled, users will be automatically logged out after a specified duration, requiring them to reauthenticate via SSO. This enhances security by ensuring periodic revalidation of user sessions.

Troubleshooting SSO Issues in UpKeep Asset Operations

Single Sign-On (SSO) is a crucial feature to streamline authentication in UpKeep Asset Operations. Troubleshooting SSO issues effectively can ensure a smooth login experience for your team.

Step 1: Verify Your SSO Provider Configuration

Ensure your Identity Provider (IdP), such as Okta, Azure AD, or others, is correctly configured. Follow these steps:

  1. Set Up the SSO Provider in UpKeep:

    • Go to Settings > Authentication.

    • Configure your IdP settings under Configure SSO. Specific fields may include:

      • Identifier (Entity ID): https://app.onupkeep.com

      • Reply URL (ACS URL): Example: https://api.onupkeep.com/auth/saml/[YourCompanyIdentifier]

      • Name ID Format: Typically emailAddress.

      • Other Attributes: Map elements like email, first name, and last name as required.

  2. Upload Certificates: Ensure the public certificate from your IdP is correctly uploaded within UpKeep’s SSO settings. Accuracy in copying details from your IdP to UpKeep is crucial.### Step 2: Resolve Issues with Company ID in SSO Login Your organization's unique Company ID is essential for SSO authentication to ensure users can log in directly. If issues arise with Company ID, set up a direct login link as follows:

  3. Navigate to your Company Settings in UpKeep.

  4. Open the Authentication section.

  5. Locate your unique Company Identifier in the SSO Configuration settings.

  6. Use this specialized URL format to create a direct login link for your team:

       https://app.onupkeep.com/web/login/sso?companyId=[YourCompanyIdentifier]

  7. Replace [YourCompanyIdentifier] with your actual company identifier.

  8. Share the direct link with your team for simplified access without the need to manually input the Company ID.### Step 3: Complete and Test Your SSO Setup

  9. Finalize Your UpKeep Configuration:

    • Log in to your UpKeep admin portal.

    • Navigate to Settings > Authentication > Configure. Confirm all details match your IdP configurations.

  10. Test the Setup:

    • Use the configured direct login link or navigate to the UpKeep login page.

    • Attempt to log in through your SSO provider. For example:

      • Input any credentials required by your IdP.

      • Verify that users are redirected successfully to UpKeep post-authentication.

  11. Submit and Save Configuration: Test the setup thoroughly before submitting. Ensure roles, such as Admin/Editor/View Only, are assigned to the correct users.### External Resource For additional help on creating a direct login link for SSO authentication, refer to the guide: How to Create a Direct Link for SSO Authentication.

If using Azure AD, ensure the application is properly added within the Azure portal and all claims map correctly to user attributes.

Related Articles
How to set up Single Sign On (SSO) - Okta
How to Set Company-wide Settings
How to set up Single Sign On with ADFS
Verifying SSO using Azure SSO for UpKeep
How To Create a Direct Link For SSO Authentication
Did this answer your question?