
Single Sign On

Integrate your enterprise login service with Noloco


Last updated 1 month ago

Single sign on is a feature available on ENTERPRISE plans on Noloco. Enabling it will disable all other login and sign up features, requiring your users to log in with their enterprise credentials. To enable SSO, navigate to your login options and configure the integration.

SAML

Add a SAML integration

To set up a SAML integration, click Configure next to it in the login settings.

You will then see a form open within a modal for you to complete:

This form contains four sections:

  1. Noloco's callback URL for SAML responses

  2. Metadata about your IdP

  3. Attribute mappings for SAML responses

  4. Noloco role settings

Callback URL

This URL is where your IdP should POST SAML responses after your users log in. You can copy the URL to your clipboard using the button provided, and it is likely you will have to whitelist it in your IdP.

IdP metadata

We require the following metadata about your IdP to be able to properly configure your SAML integration:

  1. The URL we can contact your IdP at

  2. The public certificate we can use to verify responses from your IdP

  3. The issuer for requests that your IdP expects

The easiest way to configure your SAML integration is by uploading the metadata XML file that your IdP provides to you. You can drag and drop this onto the file dropzone in this form. Alternatively you can expand the configuration section and manually complete it.

Attribute mapping

We need to know how to build Noloco users from your SAML responses. You can configure this by telling us the attribute names that correspond to each Noloco user field. There are a few places you can look these up. First, you might be able to find them in your IdP settings for SAML, e.g. in Auth0 we can see the following in our Settings:

{
  ...
  "mappings": {
    "user_id":     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email":       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name":        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "given_name":  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "upn":         "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "groups":      "http://schemas.xmlsoap.org/claims/Group"
  },
  ...
}

This tells us that the name of the email attribute is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress so we would copy this entire value into the Email Address Attribute input in the configuration form.

Alternatively you might be able to find these in your metadata XML file that you uploaded for the configuration. For the same example we can see the email attribute:

Note that presently we do not automatically detect attribute mappings so even if they are in your metadata XML file you will have to input them yourself.

Noloco role

Finally you can select a default role that all users will be assigned when they first sign into your app with SAML.

Your existing SAML integration

You can review your existing SAML integration from the login settings page where we will show you the IdP and any mapped attributes.

You can update the integration by clicking on it and changing the values in the same form that you saw at setup.

To remove the SAML integration click the Remove button and confirm your choice in the modal that will appear.

How your users login

When your users try to log into your app, they will be redirected to the /login page where they will see a redirect out to your IdP.

The /register, /join and /forgot pages will all now also redirect to this login page.

After clicking the sign in button they will be taken to your enterprise login page where they will go through your in-house login flow. After that they will be redirected back to your Noloco app (where if they are new to the app a new user record will be created for them).

Dynamic Single Sign-on (SSO)

Dynamic SSO on Noloco's enterprise plan allows you to configure multiple SSO providers for a single app. This setup is ideal for businesses with different organizations or subsidiaries, each with unique SSO needs. It also supports hybrid authentication, combining SSO for employees with email and password logins for external users like clients.

Advantages of Dynamic Single Sign-on

  • Multiple SSO Configurations: Useful for companies with multiple subsidiaries or partner organizations.

  • Hybrid Logins: Enforce SSO for internal users and allow password logins for external users.

  • Domain-Based Matching: Specify domains to link each SSO configuration to the correct users.

How to Set Up Dynamic SSO

  1. Access the SSO Settings:

    • Go to your app's Settings and click on Login & Sign-up.

  2. Add Multiple Configurations:

    • In the SSO section, if you already have SSO set up, you'll see an option to add another configuration. You can add a new SSO setup for each organization or subsidiary.

  3. Specify Domain Matching:

    • For each configuration, provide a list of domain names that match the organization's email addresses (e.g., @company.com). This ensures that the right users are authenticated with the correct SSO provider.

  4. Hybrid Login Setup:

    • If you'd like to allow both SSO and password logins, ensure that only internal domains are assigned to your SSO configurations. All other users will fall back to email/password authentication.

  5. Test Your Setup:

    • Once configured, test each setup by logging in as different users from the specified domains to ensure that SSO is triggered correctly. You can also test fallback to password login for external users.
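
For the testing step above, this added example (not Noloco's code) builds the expected login method for each test user from the domain lists, and rejects a domain assigned to two configurations. The configuration names, test addresses and function names are constructed, and exact matching on the full domain is an assumption, since this page does not state how subdomains are handled.

```python
def normalize_domain(entry):
    """'@Company.com ' -> 'company.com' (the page writes domains with a leading '@')."""
    return entry.strip().lower().lstrip("@").rstrip(".")

def build_routes(configs):
    """Map each domain to its SSO configuration name; reject a domain listed twice."""
    routes = {}
    for name, domains in configs.items():
        for entry in domains:
            domain = normalize_domain(entry)
            if not domain:
                raise ValueError("empty domain in configuration %r" % name)
            if routes.get(domain, name) != name:
                raise ValueError("%s is claimed by both %r and %r"
                                 % (domain, routes[domain], name))
            routes[domain] = name
    return routes

def expected_login(email, routes):
    """Expected method for a test user: an SSO configuration name or 'password'."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    # Assumption: exact match on the full domain, so subdomains and look-alike
    # suffixes (company.com.example.net) are not treated as company.com.
    return routes.get(normalize_domain(domain), "password")

# Constructed sample configuration and test users (hypothetical names).
CONFIGS = {"parent-idp": ["@company.com"],
           "subsidiary-idp": ["@Subsidiary.example"]}
TEST_USERS = ["alice@company.com", "bob@SUBSIDIARY.example",
              "client@customer.example", "eve@company.com.example.net"]

def test_plan():
    """Expected result per test user, to compare with what the app actually does."""
    routes = build_routes(CONFIGS)
    return {user: expected_login(user, routes) for user in TEST_USERS}

if __name__ == "__main__":
    for user, method in test_plan().items():
        print("%-32s -> %s" % (user, method))
```

Any internal address that comes out as password in this table points at a domain missing from your SSO configurations.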

Troubleshooting SSO

I'm using Auth0 for my IdP and see "Unauthorized" after logging in

By default Auth0 is set up to sign the assertions on SAML responses but not sign the entire response. For security reasons we will only accept SAML responses which have a top-level document signature we can verify.

You can configure Auth0 to sign the entire response by going to Applications > [Your Application] > Addons > SAML2 Web App > Settings and making sure that the settings JSON includes an (uncommented) line with "signResponse": true. For example:

Use the following settings for Auth0:

  • Email Address Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  • First Name Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

  • Last Name Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

I'm using Azure Active Directory for my IdP and see an AADSTS700016 error during the Microsoft login flow

Double check that the Issuer (entity ID) configured in your Noloco SAML settings matches the one pictured below in your Azure Active Directory settings.

Using Microsoft Azure Active Directory for SAML

By default Azure Active Directory is set up to sign the assertions on SAML responses but not sign the entire response. For security reasons we will only accept SAML responses which have a top-level document signature we can verify.

If you don't follow these instructions, you will see an "Unauthorized" error when you sign in with Microsoft Azure Active Directory.

Use the following settings for Microsoft Azure Active Directory:

  • Email Address Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  • First Name Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

  • Last Name Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

The Advanced settings will look like the following:

  • Entry Point https://login.microsoftonline.com/********/saml2

  • Issuer / Entity ID https://sts.windows.net/********

We support SAML 2.0 as a method of SSO in Noloco. To use SAML as a method of login, you need to provide us with information about your Identity Provider (IdP), and in turn we will provide you with the information to set us up as a Service Provider.

This error means that the Issuer (entity ID) configured in your Noloco SAML settings does not match the Identifier (Entity ID) in your Azure Active Directory settings. You can find more information about resolving this error here.

Follow the instructions here to configure Azure Active Directory to sign either the response or both the response and the assertions.
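
To check which case you are in before changing IdP settings, this added example (not Noloco's code) inspects a base64-encoded SAML response and reports whether the top-level Response element carries its own signature, whether only the assertion does, and which attribute names are available for the attribute mapping form. The sample response, its empty signature stubs and the function names are constructed for illustration; the check is structural and verifies no signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def inspect_saml_response(b64_response):
    """Structural check only: no signature is verified here, so the result
    must never be used to make an authentication decision."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response document")
    assertions = root.findall("saml:Assertion", NS)
    return {
        # A ds:Signature that is a direct child of <Response> is the top-level signature.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": any(a.find("ds:Signature", NS) is not None for a in assertions),
        "attribute_names": sorted(
            attr.get("Name", "")
            for a in assertions
            for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)),
    }

def unmapped_fields(report, mapping):
    """Return configured user fields whose attribute name is absent from the response."""
    return sorted(f for f, name in mapping.items() if name not in report["attribute_names"])

def sample_response(sign_response):
    """Constructed sample, not a real IdP response; signatures are empty stubs."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    attrs = "".join(
        '<saml:Attribute Name="%s%s"><saml:AttributeValue>x</saml:AttributeValue></saml:Attribute>'
        % (CLAIMS, n) for n in ("emailaddress", "givenname", "surname"))
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">%s<saml:Assertion>%s'
           '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
           '</samlp:Response>'
           % (NS["samlp"], NS["saml"], sig if sign_response else "", sig, attrs))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    mapping = {"email": CLAIMS + "emailaddress", "first_name": CLAIMS + "givenname",
               "last_name": CLAIMS + "surname"}
    for label, signed in (("assertion signed only", False), ("response signed", True)):
        report = inspect_saml_response(sample_response(signed))
        print(label, report["response_signed"], report["assertion_signed"],
              unmapped_fields(report, mapping))
```

To check a real login, copy the SAMLResponse form field posted to the callback URL from your browser's network tools, URL-decode it if needed, and pass it to inspect_saml_response. A result with response_signed false and assertion_signed true matches the "Unauthorized" case described above.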

Double check your Identifier (Entity ID) value if you encounter the AADSTS700016 error