If your company uses an Identity Provider like OneLogin, Okta, or JumpCloud, you may want to configure Single Sign On (SSO) via SAML for Abacus.
Configuring your Abacus account to use SSO for authentication means that every member of your team will need to log in via your chosen Identity Provider to access Abacus.
Configure Your Identity Provider
- Log in as an Administrator.
- Head to the Authentication tab in Settings.
- Enter your Sign-in page URL, provided by your identity provider.
- Enter your Identity Provider Issuer, a unique name (usually a URL) that your identity provider typically provides.
- Enter your X.509 Certificate.
Your Identity Provider will have further details on how to get set up on their end. Here are some resources:
If your Identity Provider asks for an ACS URL or an Entity ID in the platform, you will need the following information:
- ACS URL: https://www.abacus.com/login/saml/assertion
- Entity ID: https://www.abacus.com/home?company_id=[insert company ID here*]
*Reach out to your implementation manager for your company ID number
Invite Your Team
Before adding a team member in Abacus, first make sure you have added the employee to your Identity Provider. Then, you can invite the appropriate people using the Invite button on your Abacus People page.
Your employees will be directed through your Identity Provider; once they log in there, they will be redirected to your Abacus account.
Use SAML-Based SSO Within a Multi-Subsidiary Organization
Do you use the Connected Orgs feature of Abacus? If so, no problem! Your team will have different organizations in their account, and they will be prompted to authenticate the appropriate ones.
Log In On Your iPhone or Android
Logging in works the same way on iPhone or Android as it does on the web. We recommend that you use the mobile app for the Identity Provider you use. If you or your team belongs to multiple subsidiaries, they will have to select the appropriate organization from their phone.
When deactivating a member, you will need to deactivate them in Abacus and disable them in your Identity Provider. This ensures that their access to the mobile apps, as well as the web, will be deactivated.