How to set up SSO (Single Sign-On)?
The SSO option is only available on the Premier plan.
Enabling single sign-on allows you or your partners to access Kiflo without having to enter your password.
This is particularly useful if you provide many portals to partners, like an LMS, a ticketing system, or any other external application. Partners will seamlessly switch from your LMS to Kiflo or vice versa. It greatly improves partners' experience.
IN THIS ARTICLE
Overview
Kiflo implements SAML 2.0 and acts as the service provider. It is possible to enable or enforce the usage of SSO for admins and/or partners independently.
However:
- We do not manage user provisioning: users have to be created in Kiflo first
- We do not manage the sign-out flow: users have to sign out from Kiflo and won't be signed out from other applications
Enable single sign-on
To enable SSO:
- Navigate to the Account page
- Then click on Security
- Toggle on Single Sign-On (SSO)
Then, you must choose whether your coworkers and partners can use SSO:
- Disable: They cannot sign-in via SSO and must use their password
- Enable: They can choose to sign-in via SSO as well as password
- Enforce: They must use SSO to sign-in and their password is disabled
Finally, fill in the Identity Provider Login URL and Certificate based on the information provided by your IP.
Set up your identity provider (generic instructions)
Your Identity Provider will ask for a callback URL (where the SAML token will be sent). This callback URL is generated by Kiflo.
- Navigate to the Account page
- Then click on Security
- Copy the value of "Service Provider Callback URL"
SAML attribute mapping
Set up attribute mapping to map the primary email address to the attribute NameID.
This is the only attribute required by Kiflo.
The primary email address registered in your IdP must be the one used in Kiflo to sign in.
Set up your identity provider (Google)
Google Workspace
How to set up SSO with Google?
Microsoft Entra ID