Single sign-on (SSO) offers a secure way for you to access Chili Piper. This eliminates weak password use and reduces the need to remember passwords. If you or your company uses SSO, you may wonder how to get it to work with Chili Piper.
In this article, we will walk through:
- What can the SSO Integration do or not do?
- What do I need to do before I set up an SSO?
- How do I set up Okta for Chili Piper?
- How do I set up OneLogin for Chili Piper?
- How do I set up Rippling for Chili Piper?
What can the SSO integration do or not do?
- The SSO Integration can provide another mechanism for users to log into Chili Piper.
- The existing login options are through Oauth of their CRM or calendar provider.
- This simpler login option gives CP users an SSO option in case they only have their SSO username & password memorized. See the option below.
- The SSO integration cannot provision licenses to users in Chili Piper.
- Your SSO provider can provision licenses to your CRM, and Chili Piper will automatically sync the CRM user into our Chili Piper User Table.
- Then, the admin will provision the product-specific licenses to the users once the user has been added to the CRM.
- Your company’s Chili Piper admin will need to allocate product-specific licenses to individual users.
- The SSO integration cannot authenticate user connections to their CRM or Calendars.
- Users will still be required to authorize connections to their CRM and calendar licenses through direct Oauth connections. This is required for their first time connecting their licenses to Chili Piper.
Best practice: Most SSO admins will set up a workflow redirecting new users from the CRM and calendar login pages back to their SSO login pages. This allows the user to only login with their SSO login.
What do I need to do before I set up an SSO?
Before integrating SSO with Chili Piper, you will need to contact your customer service rep to enable this integration. You will be unable to proceed further until it has been enabled.
How do I set up Okta for Chili Piper?
Log into Chili Piper's Admin Center, navigate to Integrations, scroll down to Identity Provider, and select Add.
In a new browser tab, open your Okta admin page, navigate to Applications and select Create a new app integration. Select SAML 2.0 and hit Next.
Write Chili Piper under App name, and add our logo. (You can download the image logo below to use as your image)
Hit next.
Return to Chili Piper and copy your unique Sign In URL.
Back in Okta:
- Paste the Sign In URL link into the Single sign-on URL section.
- In Audience URI (SP Entity ID) section enter: chilipiper.com
- Name ID format and Application Username should be set to Email.
Your Okta SAML Settings should look something like this:
Next, we'll complete the set-up back in Chili Piper. First, click View Setup Instructions in Okta.
Now that we've got our Chili Piper information into Okta, it's time to copy information from Okta and bring it to Chili Piper.
- Copy your unique Identity Provider SSO from Okta, return to Chili Piper and paste it into the Identity Provider SSO URL.
- Copy your Identity Provider SSO from Okta, return to Chili Piper, and paste it into Identity Provider ID.
- Download the certificate provided by Okta and upload it to Chili Piper.
In Okta, in the Assignments tab, assign users to the Okta app. Back in Chili Piper, hit Save and Activate.
Uncheck "Deflate" in Chili Piper.
Next, we will move on to SCIM provisioning. Setting up these SCIM settings will allow an Okta admin to control who can or cannot log in to Chili Piper with this method. These SCIM Settings do not create or remove users from Chili Piper directly.
In Okta, navigate to the Chili Piper app you just created.
- Under the General tab, enable SCIM provisioning.
- Head to the Provisioning tab. Copy the SCIM connector base URL from Chili Piper and paste it into the Okta app SCIM connector base URL section.
-
In the Unique identifier field for users, type email.
-
Under Supported provisioning actions, select
-
Push New Users
-
Push Profile Updates
-
Push Groups
-
-
Authentication Mode should be set to HTTP Header.
It should look something like this:
Now we will select Test Connector Configuration.
In Provisioning to App, enable:
- Create Users
- Update User Attributes
- Deactivate Users
Click Save, and that's it!
If you have any issues with setting up Okta for Chili Piper, please reach out to your CSM.
How do I set up OneLogin for Chili Piper?
Log into Chili Piper's Admin Center, navigate to Integrations, scroll down to Identity Provider, and select Add.
In a new tab, go to OneLogin, navigate to Applications and select Add App.
On the Find Applications page, search for SAML custom connector. From the filtered list, select SAML Test Connector (Advanced) for SAML 2.0.
Change the Display Name to Chili Piper. You may also optionally upload an icon to be displayed.
When finished, select Save.
Now, in the Configuration tab on the left,
- Add chilipiper.com in the Audience (Entity ID) field.
- Return to Chili Piper, and copy the Sign In URL. Paste this URL into ACS (Consumer) URL.
Locate your Tenant ID, which can be found in the Sign in URL (between /tenant/ and /sso).
- In ACS (Consumer URL Validator* paste the below, with your unique {tenant_id} in the {tenant_id} section
^https:\/\/api.chilipiper.com\/api\/v1\/saml\/tenant\/{tenant_id}\/sso
Scroll Down to SAML signature element and select "Both." All the other options can be left alone/ left blank. Click Save again.
Now, navigate the SSO tab (on the left). Click on View Details under X.509 Certificate.
This opens a new page where you can click the Download button to download the onelogin.pem file.
Back in Chili Piper, upload this file in Identity Provider under Certificate.
In OneLogin, copy the Issuer URL in the SSO tab and paste it into Chili Piper under Identity Provider ID. Then copy SAML 2.0 Endpoint (HTTP) in OneLogin and paste it into the Identity Provider SSO URL in Chili Piper.
Make sure you grant users permission to use the app.
In Chili Piper, save the Identity Provider and click Enable. And that's it! If you have any problems setting up OneLogin for Chili Piper, please reach out to your CSM.
How do I set up Rippling for Chili Piper?
1. Log in to Chili Piper and navigate the Admin Center > Integrations > Identity Provider > Add.
2. Log in to Rippling and navigate to IT Management > Custom App > Create New App.
Create your New App:
Check the box for Supports SAML, upload the Chili Piper logo, and select Update App.
3. Copy the Single Sign-on URL or Target URL in Rippling and paste it to Identity Provider SSO URL in Chili Piper.
4. Copy the Issuer or IdP Entity ID in Rippling and paste it to Identity Provider ID in Chili Piper.
5. Copy X509 Certificate and upload the .crt file to CP as Certificate
6. Uncheck Deflate checkbox in Chili Piper
7. Copy Chili Piper Sign in URL and past in to Provide ACS URL in Rippling
8. Enter chilipiper.com as the Provide Service Provider Entity ID
9. Save and activate in Chili Piper
10. Complete the next steps in Rippling to setup User provisioning
You can now log in with the ChiliPiper app from the Rippling home page or https://apps.chilipiper.com/login.html?sso=true with Rippling!
If you have any issues with setting up Rippling SSO for Chili Piper, please reach out to your CSM.