Single sign-on (SSO) offers a secure way for you to access Chili Piper. This eliminates weak password use and reduces the need to remember passwords. If you or your company uses an SSO, you may be wondering how to get it to work with Chili Piper.
In this article, we will walk through:
- What do I need to do before I set up an SSO?
- How do I set up Okta for Chili Piper?
- How do I set up OneLogin for Chili Piper?
What do I need to do before I set up an SSO?
Before integrating an SSO with Chili Piper, you must contact your customer service rep to enable this integration. You will be unable to proceed further until it has been enabled.
How do I set up Okta for Chili Piper?
First, you must log into Chili Piper and navigate the Admin Center. Select Integrations, then scroll down to "Identity Provider" and select "Add."
In a new tab, go to Okta, navigate to "Applications, " and select "Create a new app integration." Select "SAML 2.0"
You will need to choose a name for the app.
Return to Chili Piper, and copy the "Sign In URL." In Okta, paste this into "Single sign-on URL." In "Audience URI (SP Entity ID)," enter:
chilipiper.com
Name ID format and Application Username should be set to Email.
Now we will need to copy information from Okta and bring it to Chili Piper. Click "View Setup Instructions" in Okta.
You will need to copy the following from Okta and paste it into Chili Piper:
- Identity Provider SSO
- Identity Provider Issuer (this will go into the field "Identity Provider Id" in Chili Piper).
Download the certificate provided by Okta and upload it to Chili Piper. In Okta, in the "Assignments" tab, assign users to the Okta app. Back in Chili Piper, "Save" and "Activate."
Uncheck "Deflate" in Chili Piper.
Next, we will move on to SCIM provisioning. In Okta, in our Chili Piper app, navigate to the "General" tab and enable "SCIM provisioning." Now, head to the "Provisioning" tab. Copy the "SCIM connector base URL" from Chili Piper and paste it into the Okta app.
In the "Unique identifier field for users," type " email. Under this, select "Push New Users," "Push Profile Updates," and "Push Groups." "Authentication Mode" should be set to "HTTP Header."
Now we will select "Test Connector Configuration."
In "Provisioning to App," enable "Create Users," "Update User Attributes," and "Deactivate Users," and click "Save."
And that's it! If you experience any issues with setting up Okta for Chili Piper, please get in touch with your CSM.
How do I set up OneLogin for Chili Piper?
First, you must log into Chili Piper and navigate the Admin Center. Select Integrations, then scroll down to "Identity Provider" and select "Add."
In a new tab, go to OneLogin, navigate to "Applications, " and select "Applications." Select "Add App."
On the "Find Applications" page, search for "saml custom connector." From the filtered list select "SAML Test Connector (Advanced) for SAML 2.0".
Change the "Display Name" to Chili Piper. You may also, optionally, upload an icon to be displayed. When finished, select "Save."
Now, in the Configuration tab on the left, add “chilipiper.com” in the “Audience (Entity ID)” field. Return to Chili Piper, and copy the "Sign In URL." Paste this URL into "ACS (Consumer) URL."
In "ACS (Consumer URL Validator*" paste:
^https:\/\/api.chilipiper.com\/api\/v1\/saml\/tenant\/{tenant_id}\/sso
Make sure to replace {tenant_id} which can be found in the “Sign in URL” (between /tenant/ and /sso).
Scroll Down to "SAML signature element" and select "Both." All the other options can be left alone/ left blank. Click "Save" again.
Now, navigate the "SSO" tab (on the left). Click on "View Details" under X.509 Certificate.
This opens a new page where you can click the "Download " button to download the onelogin.pem file.
Back in Chili Piper, upload this file in "Identity Provider" under "Certificate."
In OneLogin, copy the "Issuer URL" in the SSO tab and paste into Chili Piper under "Identity Provider ID." Then copy "SAML 2.0 Endpoint (HTTP) in OneLogin and paste into "Identity Provider SSO URL" in Chili Piper.
Make sure you grant users permission to use the app.
In Chili Piper, save the "Identity Provider and click "Enable." And that's it! If you experience any issues with setting up OneLogin for Chili Piper, please get in touch with your CSM.