Configure Single Sign On in the Company Admin Tool
Objective
To configure Single Sign On (SSO) in the Company level Admin tool.
Background
Things to Consider
- Required User Permission:
- 'Admin' level permission on the Company level Admin tool.
- Prerequisites:
- Configure the Procore application in your identity provider's SSO software or service (e.g. Okta, OneLogin or Microsoft Azure AD):
- Obtain the required SSO Settings from your specific identity provider's SSO software or solution ((e.g. Okta, OneLogin or Microsoft Azure AD).
- Additional Information:
Steps
- Navigate to the Company level Admin tool.
- Under 'Company Settings,' click Single Sign On Configuration.
Note: The data you enter on the page below is always obtained from the issuer (e.g. Okta, OneLogin or Microsoft Azure AD).
-
- Azure
- For SP-Initiated SSO, enter the SAML Entity ID from Azure AD here.
- For IdP-Initiated SSO, Enter the Remove Login URL from Azure AD here.
- Okta
- For SP-Initiated SSO, enter the Identity Provider Issuer URL from Okta here.
- For IdP-Initiated SSO, enter Enter the Identity Provider Issuer URL from Okta here.
- OneLogin
- For SP-Initiated SSO, enter the Issuer URL from OneLogin here.
- For IdP-Initiated SSO, Enter the Issuer URL from OneLogin here.
- Azure
- This is commonly referred to as the issuer and is a unique URL that identifies the provider issuing a SAML request.
- Enter the Single Sign On Target URL.
This is the URL that will receive SAML requests from the provider.- Azure AD
- For SP-Initiated SSO, enter the SAML Entity ID here.
- For IdP-Initiated SSO, enter the Remove Login URL here.
- Okta
- For SP-Initiated SSO, enter the Identify Provider Single Sign-On URL from Okta here.
- For IdP-Initiated SSO, leave this field blank.
- OneLogin
- For SP-Initiated SSO, enter the SAML 2.0 Endpoint (HTTP) URL from the SSO tab in Okta here.
- For IdP-Initiated SSO, leave this field blank.
- Azure AD
- Enter the Single Sign On x509 Certificate.
This is the encrypted digital certificate information.- Azure AD
- For SP-Initiated SSO, enter the certificate data from the SAML XML Metadata file that you downloaded from Azure AD here.
- For IdP-Initiated SSO, enter the certificate data from the SAML XML Metadata file that you downloaded from Azure AD here.
- Okta
- For SP-Initiated SSO, enter the X.509 Certificate from Okta here.
- For IdP-Initiated SSO, enter the X.509 Certificate from Okta here.
- OneLogin
- For SP-Initiated SSO, enter the x.509 Cert from OneLogin here.
- For IdP-Initiated SSO, enter the x.509 Cert from OneLogin here.
- Azure AD
- Click Save Changes.
- Reach out to Procore Support or your company's Procore point of contact to request to enable SSO. Include the email domain you'd like to target for SSO in your request.
- After you receive confirmation that the SSO configuration is ready, mark the Enable Single Sign On checkbox on the 'Single Sign On Configuration' page.
- Click Save Changes.
See Also