Your organization can sign on with a single click (and avoid security headaches) thanks to available Single Sign-On for all SAML 2.0 standard IdPs. 

Single Sign-On lets users access Arcules using your organization's user database or Identity Provider rather than Arcules managing separate passwords for the users.

Please note that this enables SSO as an additional Identity Provider; it does not remove standard email/password authentication.

Tested Identity Providers

  • Google

  • Okta

  • OneLogin

  • Auth0

  • JumpCloud

Prerequisites

  • Access to your domain's DNS Management Tool.

  • IT Manager level access to your organization's Arcules account.

Use the following values for the relevant SAML 2.0 settings when setting up your Identity Provider (IdP) of choice:

  • Single Sign On URL: https://manage.arcules.com/federation/login/saml/assert (same for Recipient/Destination URL)

  • Audience Restriction: arcules.com
    Note: This field may have a different name depending on the IdP. In Azure AD, for example, it is called Identifier (Entity ID). If you are setting SSO up in the EU, the value is eu.arcules.com instead of arcules.com.

  • Name ID Format: EmailAddress

  • Available Attribute Mapping:
      - firstName
      - lastName
      - image (URL to the image file)

  • Ensure your organization's SAML 2.0 IdP is set up with a valid IdP Metadata XML. You can either provide a URL to the IdP Metadata XML that you host or upload the metadata file.
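
As an added example (not Arcules code), the following Python script checks a decoded SAML Response from your own IdP against the values listed above and reports each mismatch. The sample response, the name `check_response`, and the assumption that attribute names must match exactly as listed are constructed for illustration; the script does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://manage.arcules.com/federation/login/saml/assert"  # from this page
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
MAPPABLE = {"firstName", "lastName", "image"}  # assumption: names match exactly

# Constructed sample (not a real capture): the IdP sends NameID as "unspecified".
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>arcules.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="firstName"/></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, audience="arcules.com"):
    """List mismatches between a decoded SAML Response and this page's values."""
    # Troubleshooting aid for responses from your own IdP; no signature validation.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination is {root.get('Destination')!r}")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is missing or is not the Single Sign On URL")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if audience not in audiences:
        problems.append(f"Audience {audiences} does not include {audience!r}")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        if attr.get("Name") not in MAPPABLE:
            problems.append(f"attribute {attr.get('Name')!r} is not in the mapping list")
    return problems
```

For an EU setup, call `check_response(xml_text, audience="eu.arcules.com")`; an empty list means the response matches the settings on this page.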

Step 1: Add and validate a domain

In order to prove that you are the owner/administrator of a domain, Arcules will have to validate the domain. To do so, you need to add a unique key provided by Arcules to your DNS configuration.

  • Go to the Settings Tab

  • Click the Verify Domain Tab

  • Click + New Domain and enter the domain address

  • Click ADD

  • Click VERIFY, then copy the TXT key

  • Open your DNS Management Tool (e.g. Google Domains, GoDaddy, ...)

  • Paste the key into the TXT field

  • Wait until your DNS configuration changes (Note: this could take up to 72 hours)

To view detailed instructions on how to verify a domain with a TXT record, see the following examples by Google Domains here, or GoDaddy here.

Step 2: Configure & enable SSO

Now that you have verified a domain, you can enable the SSO feature. 

  • Go to the Settings Tab.

  • Click the SAML Single Sign-On Tab.

  • Locate the domain address you want to enable SSO for and toggle it on.

  • Select your Setting Method. You can upload your IdP metadata XML file or add the URL to the file that you host publicly.

  • Click SAVE

To disable SSO, simply toggle off SSO per domain. 

Repeat steps 1 and 2 if you want to enable SSO for additional domains within your organization.

User Login page 

To log in with SSO, enter the email address associated with the SAML account and click Next.

Notes on Setting up in ADFS

Please note we highly recommend using Azure AD to work with SAML 2.0 integration, and we do not actively support implementing SAML 2.0 directly via ADFS.

However, the information below might help in getting set up inside ADFS:

For claim issuance policy, you might need two rules:

Note for Microsoft Azure/Authenticator when using Mobile

If you are using Microsoft Azure/Authenticator as your SSO provider, you need to have the Microsoft Authenticator app installed on your iOS or Android device if you want to access Arcules via mobile.

Have questions? We're here to help! 👋 Reach out to the Arcules team through the chat icon at the bottom right-hand corner of your screen.
