SAML Single sign-on

How to configure and use SSO with Metatask

Written by Natalia Sokolova
Updated over a week ago

Who can use this feature?

SSO is available to users of the Business plan. You need to be a team administrator to configure SSO for your team.

SAML-based single sign-on (SSO) gives members access to Metatask through an identity provider (IDP) of your choice.

How to configure your identity provider

To get started, you’ll need to set up a connection (or connector) for Metatask with your IDP. Metatask currently supports only one identity provider: Microsoft Azure.

Configure Azure AD SSO

Follow these steps to enable Azure AD SSO in the Azure portal.

  1. In the Azure portal, on the Metatask application integration page, find the Manage section and select single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.


  4. In the Basic SAML Configuration section, enter the values for the following fields:

a. In the Sign on URL text box, type a URL using the following pattern:

https://<DOMAIN NAME>.metatask.io/api/authenticate/saml

b. In the Identifier (Entity ID) text box, type the URL:

https://metatask.io

c. For Reply URL, enter the URL:

https://metatask.io/join/api/authenticate/saml

The Metatask application expects SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. Metatask does not use the default attributes. The Metatask application expects the attributes below to be passed back in the SAML response:

On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find App Federation Metadata URL and copy this URL to a temporary text file on your computer.

Create an Azure AD test user

In this section, you'll create a test user in the Azure portal called Suzy Hunt.

  1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.

  2. Select New user at the top of the screen.

  3. In the User properties, follow these steps:

     a. In the Name field, enter Suzy Hunt.

     b. In the User name field, enter the username@companydomain.extension. For example, suzy.hunt@acmeinc.com.

     c. Select the Show password check box, and then write down the value that's displayed in the Password box.

     d. Click Create.

Assign the Azure AD test user

In this section, you'll enable Suzy Hunt to use Azure single sign-on by granting access to Metatask.

  1. In the Azure portal, select Enterprise Applications, and then select All applications.

  2. In the applications list, select Metatask.

  3. In the app's overview page, find the Manage section and select Users and groups.

  4. Select Add user, then select Users and groups in the Add Assignment dialog.

  5. In the Users and groups dialog, select Suzy Hunt from the Users list, then click the Select button at the bottom of the screen.

  6. If you're expecting any role value in the SAML assertion, in the Select Role dialog, select the appropriate role for the user from the list and then click the Select button at the bottom of the screen.

  7. In the Add Assignment dialog, click the Assign button.

Configure Metatask SSO

Currently, the Metatask application does not allow you to enter SSO settings as part of the company account configuration. This functionality is coming soon.

As a company administrator, please send a request to enable SSO to support@metatask.io with the following information:

  • Your company DOMAIN NAME.

  • App Federation Metadata URL (copied from the SAML Signing Certificate section in the Azure portal).

  • JIT provisioning option. By default it is enabled for your Metatask account.

Wait for a confirmation email from the Metatask support team stating that SSO is now enabled for your company account.

This usually takes no longer than 1-2 hours, but it can sometimes take up to 1 business day.

Create Metatask test user

The objective of this section is to create a user called Suzy Hunt in Metatask.

Metatask supports just-in-time provisioning, which is enabled by default. There is no action item for you in this section.

A new user is created during an attempt to access Metatask if the user doesn't exist yet.

Test SSO

In this section, you test your Azure AD single sign-on configuration using the Access Panel.

When you click the Metatask tile in the Access Panel, you should be automatically signed in to the Metatask account for which you set up SSO.

For more information about the Access Panel, see Introduction to the Access Panel.
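If the test sign-in fails, a common cause is a mismatch between the response and the values entered in Basic SAML Configuration: the Identifier appears in the response as the Audience, and the Reply URL as the Destination and Recipient. The following is an added example, not Metatask or Microsoft code; it checks a decoded SAML response against those two values, using a constructed, unsigned sample response and a made-up issuer.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values entered in Basic SAML Configuration on this page.
ENTITY_ID = "https://metatask.io"
REPLY_URL = "https://metatask.io/join/api/authenticate/saml"


def check_response(xml_text):
    """List mismatches between a decoded SAML response and the configured
    values. Inspection aid only: the signature is NOT verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append(f"Destination is {root.get('Destination')!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience is {audiences!r}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if REPLY_URL not in recipients:
        problems.append(f"Recipient is {recipients!r}")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    return problems


def make_sample(audience=ENTITY_ID, reply_url=REPLY_URL):
    """Build a constructed, unsigned response for demonstration."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_constructed1" Version="2.0" Destination="{reply_url}">
  <saml:Assertion ID="_constructed2" Version="2.0">
    <saml:Issuer>https://idp.example/constructed</saml:Issuer>
    <saml:Subject>
      <saml:NameID>suzy.hunt@acmeinc.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{reply_url}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    print(check_response(make_sample()))
    print(check_response(make_sample(audience="https://wrong.example")))
```

To check a real test sign-in, base64-decode the SAMLResponse form field captured in your browser's developer tools and pass the resulting XML to `check_response`.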
