How Can I Enable SSO?

How Can I Enable SSO?

You may want to restrict access to Sales Cookie and require Single-Sign-On (SSO).

SSO has several benefits, including:
  1. When a user account is disabled in your tenant, it is also immediately disabled in Sales Cookie
  2. Users do not need to configure a separate password to access Sales Cookie
  3. You can more easily monitor logins to the Sales Cookie application within your own tenant

There are 2 possible situations:
  1. You can to login via a cloud provider's SSO (ex: Microsoft, Google, SalesForce, QuickBooks, etc.)
  2. You have configured custom SSO for your domain and so the above method does not work

Testing For Cloud Provider Login
Please perform the following steps to determine if you are in case #1 vs. #2 above:
  1. Browse to https://salescookie.com
  2. Click on Login in the top right corner
  3. Click on the appropriate button
    1.  

If this method works, then you do NOT have custom SSO. The less expensive Sales Cookie Business plan is sufficient.

Optionally, you can restrict logins to one SSO provider only, so that logins via a user name / password, or other SSO providers, are disabled:
  1. Login to your workspace
  2. Click on Settings > Security > Manage Settings on the left navigation bar
  3. Enter values in this field
    2. Common values include
      1. "salesforce" for SalesForce
      2. "quickbooks-online" for QuickBooks
      3. "google" for Google
      4. "windowslive" for Microsoft
      5. "xero" for Xero
  4. Additional settings on this page make it also possible to restrict access to certain IPs or domain names 
At this time, everything is ready. Your users will be able to login via your SSO provider (with the option to limit logins to this SSO provider only).

If this method does NOT work, you are using custom SSO for your domain:
  1. The more expensive Sales Cookie Business+ plan is required
  2. Special configuration steps are required (please see below)

Configuring Custom SSO
Special steps are required to enable custom SSO. Those steps need to be performed by you and us (Sales Cookie) to establish trust. Custom SSO is typically required when you have customized your authentication, and the general SSO authentication provided by Google, Microsoft, etc. do not work.

Depending on the platform you are using, typical configuration steps may include:
  1. Registering an application in your tenant (ex: creating an Azure AD application)
  2. Setting up SAML records in your tenant 
  3. Downloading X509 certificate / OAuth secrets
  4. Entering authorized login URLs within your tenant (ex: https://salescookie.auth0.com/login/callback)

The method used to configure SSO varies greatly from provider to provider, but will require manual intervention. On our end, Sales Cookie uses Auth0 for all authentication. Auth0 is part of the Okta product family. Here are a few examples of what steps may look like - both on your end, and our end (Auth0):
  1. If you use Google Workspace - https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/google-apps
  2. If you use Microsoft Azure AD - https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/azure-active-directory/v2
  3. If you use Okta - https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/okta
  4. If you support SAML - https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/saml
  5. If you support PingFederate - https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/ping-federate
  6. Etc. - https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers

Because of the complexity of setting up custom authentication, we require the more expensive Sales Cookie Business+ plan. Besides the cost of configuration, this helps us cover the cost of Auth0, whose pricing model requires additional fees for each custom SSO enterprise connection. Please reach out to support for help configuring custom SSO.

    • Related Articles

    • How Can I Enable Revenue Analytics For My Reps?

      Why Enable Revenue Analytics? Revenue Analytics provide a unique understanding of your organization's revenue and sales performance. Revenue Analytics help identify your best and worst customers. Using Revenue Analytics, you can identify top ...

    • How Secure Is Sales Cookie?

      Many SaaS products claim they are secure simply because they use SSL. The reality is that a SaaS solution requires many measures to be truly secure. Here is an overview of advanced security measures we implement to deliver world-class security. Some ...

    • How Do I Sign Up?

      If you've never logged in to Sales Cookie previously, you must sign up. This applies even if your administrator has already added you as a user within a workspace. The sign up process allows you to: Choose a way to login to Sales Cookie Confirm that ...

    • What Happens When I Change User Email Addresses?

      This KB only applies to authorized Sales Cookie operators. To change user email addresses, follow these steps: Go to Debug > Change Email Complete the form Current Email = old email address of a user (MUST exist) New Email = new email address to ...

    • How Can I Debug Formulas?

      You can use debug mode to understand how formulas are applied to a sample transaction or sample payee. You will see how each formula statement was evaluated against your sample transaction or user (payee). Debugging Formulas - Sample Transaction To ...