How Can I Enable SSO?

How Can I Enable SSO?

You may want to restrict access to Sales Cookie and require Single-Sign-On (SSO).

SSO Benefits
SSO provides important benefits such as:
  1. Users disabled in your tenant cannot login to Sales Cookie
  2. Users do not need to configure a separate password to access Sales Cookie
  3. You can monitor 100% of user logins from one place (your tenant)

General vs. Custom SSO
There are 2 possible situations:
  1. General SSO - you can login via a supported provider's SSO (ex: Microsoft, Google, SalesForce, QuickBooks, etc.)
  2. Custom SSO - you have configured custom SSO for your domain, or require a different identity provider from supported ones

Checking If General SSO Works
Please perform the following steps to check if general SSO works:
  1. Click on Login in the top right corner
  2. Click on the appropriate button
    1.  

Special Case - Microsoft Office 365
The "Sign in with Microsoft" button will NOT work for Office 365.
This button is only for consumer Microsoft accounts (Hotmail, Xbox, etc.).
Follow these steps for Office 365 SSO:
  1. Open a ticket asking for SSO enablement
    1. Include your Office 365 domain name(s)
    2. Wait for a response from our support team
  2. Click on Login in the top right corner
  3. Type your email
    1. The password field should disappear
    2. Click on "Log In"
    3. Follow the steps
      1. You may be asked to verify your email address
      2. You may be prompted to authorize our application
If you cannot authorize our application because you have insufficient permissions in Office 365, ask your Office 365 admin to perform one of those steps.
  1. Option #1 - Start Free Sales Cookie Trial
    1. Ask your Office 365 admin to perform the same steps above
    2. This may start a free trial which is harmless
    3. No credit card information is required
  2. Option #2 - Use Entra ID Admin Center
    1. Ask your Office 365 admin to browse to https://entra.microsoft.com
    2. Browse to Entra ID > Enterprise Applications > All Applications
    3. Search for application "Sales Cookie Commissions"
      1. If NOT listed, try option #1 or #3
    4. Click on the application
      1. Click on "Permissions"
      2. Click on the "Grant Admin Consent" button
  3. Option #3 - Use a Consent URL
    1. Generate a consent URL
      1. Replace {your-tenant} with a domain verified in your tenant (ex: mycompany.com) or your tenant ID
    2. Ask your Office 365 admin to browse to this URL
    3. Authorize the app for all users
    4. Ignore errors after approval
Once your Office 365 admin has completed those steps, try logging in again with your own account.

Finally, if this still does not resolve the issue, ask your Office 365 admin to check security settings.
Office 365 settings may prevent some users from using our app to login.  
  1. Ask your Office 365 admin to browse to https://entra.microsoft.com
  2. Browse to Entra ID > Enterprise Applications
    1. Click on "Conditional Access" and review rules
      1. Some users may be blocked from using any third-party app
    2. Click on "Consent and Permissions" and review rules
    3. Click on "Admin Consent Requests"
      1. Check if you have pending consent requests from users
  3. Browse to Entra ID > Enterprise Applications > All Applications
    1. Search for application "Sales Cookie Commissions"
    2. Click on the application
      1. Click on "Properties" and review settings
      2. Click on "Self-Service" and review settings
      3. Click on "Conditional Access" and review rules 

Blocking Other Login Methods
Once SSO works, optionally block logins via other methods / providers:
  1. Login to your workspace
  2. Click on Settings > Security > Manage Settings on the left navigation bar
  3. Enter values in this field
    1. Common values include
      1. "salesforce" for SalesForce
      2. "quickbooks-online" for QuickBooks
      3. "google" for Google
      4. "windowslive" for Microsoft Consumer Accounts
      5. "waad" for Microsoft Office 365 (Windows Azure AD)
      6. "xero" for Xero

If these steps did NOT work, or you have a different identity provider, custom SSO is required:
  1. The more expensive Sales Cookie Business+ plan is required
  2. Special configuration steps are required (please see below)
  3. Additional fees may apply to setup custom SSO

Configuring Custom SSO
If these steps did NOT work, custom SSO is required. Special steps need to be performed by both you and us (Sales Cookie) to establish trust. Custom SSO is typically required when you have customized your authentication, or you require a different identity provider.

Depending on the platform you are using, typical configuration steps may include:
  1. Registering an application in your tenant (ex: creating an Azure AD application)
  2. Setting up SAML records in your tenant 
  3. Downloading X509 certificate / OAuth secrets
  4. Entering authorized login URLs within your tenant (ex: https://salescookie.auth0.com/login/callback)

The method used to configure SSO varies greatly from provider to provider, but will require manual intervention. On our end, Sales Cookie uses Auth0 for all authentication. Auth0 is part of the Okta product family. Here are a few examples of what steps may look like - both on your end, and our end (Auth0):

Because of the complexity of setting up custom authentication, we require the more expensive Sales Cookie Business+ plan. Besides the cost of configuration, this helps us cover the cost of Auth0, whose pricing model requires additional fees for each custom SSO enterprise connection. Please reach out to support for help configuring custom SSO. Additional fees may apply as well.

    • Related Articles

    • How Can I Enable Revenue Analytics For My Reps?

      Why Enable Revenue Analytics? Revenue Analytics provide a unique understanding of your organization's revenue and sales performance. Revenue Analytics help identify your best and worst customers. Using Revenue Analytics, you can identify top ...
    • How Secure Is Sales Cookie?

      Many SaaS products claim they are secure simply because they use SSL. The reality is that a SaaS solution requires many measures to be truly secure. Here is an overview of advanced security measures we implement to deliver world-class security. Some ...
    • How Can I Debug Formulas?

      You can use debug mode to understand how formulas are applied to a sample transaction or sample payee. You will see how each formula statement was evaluated against your sample transaction or user (payee). Debugging Formulas - Sample Transaction To ...
    • How Do I Sign Up?

      If you've never logged in to Sales Cookie previously, you must sign up. This applies even if your administrator has already added you as a user within a workspace. The sign up process allows you to: Choose a way to login to Sales Cookie Confirm that ...
    • How Can I Clone Transactions From Other Workspaces?

      It is possible to clone transactions from one source workspace to another destination workspace. This is a one-way copy from the source workspace to the destination workspace. You must have full admin permissions to both workspaces to setup the ...