Emburse
Help Centers

How to Configure SAML/SSO on Abacus


This feature is currently only available with the Enterprise plan.

If your company uses an Identity Provider like OneLogin, Okta, or JumpCloud, you may want to configure Single Sign On (SSO) via SAML for Abacus.

Abacus currently only supports SAML-based SSO providers.

Configuring your Abacus account to use SSO for authentication means that every member of your team will need to log in via your chosen Identity Provider to access Abacus. 

SSO login is not possible with two-factor authentication (2FA). Ensure 2FA is disabled at both the organization and user level before proceeding.

Configure Your Identity Provider

  1. Log in as an Administrator.
  2. Head to the Authentication tab in Settings.
  3. Enter your Sign-in page URL, provided by your identity provider.
  4. Enter your Identity Provider Issuer, a unique name (usually a URL) that your identity provider typically provides.
  5. Enter your X.509 Certificate.

mceclip0.png

Your Identity Provider will have further details on how to get set up on their end. Here are some resources:

If your Identity Provider asks for an ACS URL or an Entity ID in the platform, you will need the following information:

  • ACS URL: https://www.abacus.com/login/saml/assertion
  • Entity ID: https://www.abacus.com/home?company_id=[insert company ID here*]

*You can find the Company ID at the end of the URL when navigating to the Company Settings page.

Once SSO is enabled, this will be the exclusive way you and your team will be able to log in to your Abacus accounts. Any attempts to use a username and password to log in to this Abacus account will return an error.

Invite Your Team

Before adding a team member in Abacus, first make sure you have added the employee to your Identity Provider. Then, you can invite the appropriate people using the Invite button on your Abacus People page.

Your employees will be directed through your Identity Provider; once they log in there, they will be redirected to your Abacus account.

Use SAML-Based SSO Within a Multi-Subsidiary Organization

Do you use the Connected Orgs feature of Abacus? If so, no problem! Your team will have different organizations in their account, and they will be prompted to authenticate the appropriate ones.

Log In On Your iPhone or Android

Logging in works the same way on iPhone or Android as it does on the web. We recommend that you use the mobile app for the Identity Provider you use. If you or your team belongs to multiple subsidiaries, they will have to select the appropriate organization from their phone.

Deactivate Users

When deactivating a member, you will need to deactivate them in Abacus and disable them in your Identity Provider. This ensures that their access to the mobile apps, as well as the web, will be deactivated.

Related articles

Articles in this section

See more