How can I provision users from our own single sign-on service to MetaAccess?

MetaAccess integrates with a third-party single sign-on (SSO) service, which lets you provision new users to manage your account. When a user logs into the MetaAccess console through your own SSO service, MetaAccess provisions that user as a read-only user on your account. You can update the user's role later.

MetaAccess uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0), so that you can integrate easily with any large identity provider that supports SAML 2.0.

To get started, go to your identity provider's site and follow the instructions to configure an SSO application for MetaAccess.

To integrate MetaAccess with your own SSO service:

  1. Log into the MetaAccess console with admin permissions

  2. Navigate to Settings > Integrations > Single sign-on

  3. Select the "Enable Single Sign On" checkbox

  4. Enter an IdP Name. This is for your reference.

  5. Click the Choose File button to upload the IdP X.509 certificate .pem file that you got from the identity provider.

  6. Enter the Issuer you got earlier from the identity provider

  7. Enter the IdP SSO URL you got earlier from the identity provider

  8. Enter the IdP Log out URL and Error URL, if any, that you got earlier from the identity provider

  9. Click the Save button.

  10. After you save your changes successfully, MetaAccess generates a MetaAccess Login URL. Copy this URL and set it as the postback SSO URL (also called the Assertion Consumer Service URL) of the SSO application for MetaAccess in your identity provider.

Note: You can import the information for steps 5 through 8 from the IdP metadata file that you got earlier from the identity provider, if it's available.

You can find detailed setup guidelines for some identity providers below:

Okta