FAQ Submit a request Log in
  1. Moqups Help Center
  2. Working with Moqups
  3. Integrations

Articles in this section

    See more

    Single Sign-On

    Also in this section

    Single Sign-On with SAML

    SSO, or Single Sign-On, allows individuals to use a single set of identifying credentials to sign up and sign on to a variety of different websites and SaaS (Software as a Service) platforms.

    Most people are familiar with SSO from Sign Up with Google, a feature that allows you to use your Google credentials to sign up and log in to many websites, including Moqups.

    Single Sign-On with SAML goes a step further and allows the employees of an organization to use a single set of credentials to log on to a variety of websites and apps they may need for their work.

    SAML (Security Assertion Markup Language) is the open standard that allows identity providers (IDP) like OneLogin, Okta, or Microsoft Azure AD to pass authorization credentials to service providers (SP) like Moqups. 

    Once SAML is enabled for your Moqups account, users can use SSO by simply entering their email at the SAML login. Moqups then authenticates their credentials via the IDP – and they can begin using our app.

    You can also set up automatic provisioning with SCIM (System for Cross-domain Identity Management). SCIM allows IT departments to automate their user identity management process within an IDP. To set up SCIM you will need to generate an API token in Moqups, and then add this to your IDP. You’ll find instructions for each of our supported IDPs below.

    Who Can Use This Feature?
    All Moqups Unlimited accounts can enable SSO by configuring SAML with their IDP.

    To set up a SAML integration, you’ll need Admin privileges for both Moqups and your chosen IDP. Moqups Admins also have the option of requiring their team members to use an SSO option, either via Google or one of the SAML providers listed below.

     
    SCIM automatic provisioning can also be set up for Moqups using any of these IDPs.
    In this article

    OneLogin SAML configuration

    Please follow these steps to configure OneLogin SAML for your Moqups account:

    1. Once signed into OneLogin, select the SSO tab for the Moqups app. 1._OneLogin_SSO_Tab.png
    2. In the Issuer URL field, copy the identity provider metadata. 2._OneLogin_IPM.png
    3. Click here to log into Moqups and go to the Integration tab on your Dashboard’s Account page. 
    4. In the SAML Authentication section of your Integration tab, paste the identity provider metadata URL copied during Step 2 and click the Configure button. 3._NEW_OneLogin_Configure.png
    5. Your configuration is now complete.

    Okta SAML configuration

    Please follow these steps to configure Okta SAML for your Moqups account:

    1. Once signed into Okta, select the SSO tab for the Moqups app. 7._SAML_Okta_Sign_On_Tab.png
    2. Click the Identity Provider metadata link to open a new tab containing the issuer URL 8._SAML_Okta_IPM.png
    3. Copy the URL from the address bar of the tab that opened during Step 2 9._SAML_-_Okta_Copy_URL.png
    4. Click here to log into Moqups and go to the Integration tab on your Dashboard’s Account page.
    5. In the SAML Authentication section of your Integration tab, paste the identity provider metadata URL copied at Step 3 and click the Configure button. 10._NEW_SAML_Okta_Configuration.png
    6. Your configuration is now complete.

    Microsoft Azure AD SAML configuration

    This section provides an overview and the steps required to configure SAML authentication for  Moqups and Microsoft Azure AD.

    Contents

    • Supported Features
    • Requirements
    • Step-by-Step Configuration Instructions

    Supported Features

    The Microsoft Azure/Moqups SAML integration currently supports the following features:

    • SP-initiated SSO
    • IDP-initiated SSO
    • JIT (Just In Time) Provisioning

    Requirements

    SAML authentication is available to Moqups customers on our Unlimited Plan.

    Step-­by-­Step Configuration Instructions

    Within Azure AD, you’ll need to add Moqups from the gallery to your list of managed SaaS apps. Then, within the Moqups app, you’ll need to add Azure’s metadata URL to your Dashboard.

    Please follow these steps:

    1. Sign in to the Azure portal.
    2. Select Azure Active Directory > Enterprise applications+New application
    3. To add a new application, select New application: 15._Azure_New_Application.png
    4. In the Add from the gallery section, type Moqups in the search box.
    5. Select the Moqups app from the results panel. 16._Azure_Moqups_in_app_gallery.png
    6. You should be redirected to the Moqups app within Azure (if not go to Azure Active Directory > Enterprise applications > All applications > Moqups)
    7. Go to Single sign-on: 17._Azure_Open_SSO.png
    8. On the Select a single sign-on method page, select SAML: 18._Azure_SSO_SAML.png
    9. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings: 19._Azure_Edit_Configuration.png
    10. Copy the App Federation Metadata URL: 20._Azure_Add_Meta_Data.png
    11. Log in to Moqups.
    12. Go to https://my.moqups.com/dashboard/account/integrations
    13. Now paste the App Federation Metadata URL copied at Step 10.
    14. Click the Configure button 10._NEW_SAML_Okta_Configuration.png
    15. Your configuration is now complete.

    Log In to Moqups with SAML/SSO

    Once the SAML integration has been configured, your users can use SSO to log in to Moqups:

    1. Go to https://my.moqups.com/saml-login
    2. Enter your email address
    3. Click Log in

    25._Moqups_Log_In_with_SAML_SSO.png

    Enforce SSO Authentication

    In order to provide an additional layer of security, Moqups admins (team owners) can require all their team members to use an SSO option, either via Google or one of the SAML providers above. 

    Enabling the Enforce SSO Authentication option means that password-only login will be disabled for all team members.

     
    To disable password-only login for your team, your own Admin account must first use an SSO provider: Google, OneLogin, Otka.

    To enforce SSO authentication for your team: 

    1. Go to the Accounts window of your Dashboard
    2. Click on the Security tab 
    3. In the Enforce SSO Authentication section, set the Enforce SSO Authentication for your team toggle to the ON position.
    4. Confirm your choice by pressing the Continue button in the pop-up.

    26._Enforce_SSO_Authentication.png