Single Sign-On

Set Up Single Sign-On

Easily set up and configure Planful for Marketing's single sign-on integration.

Introduction 

Many organizations use Single Sign-On (SSO) as a mechanism to centralize the management of authorization and simplify life for their employees by reducing the need for managing multiple sets of login credentials.

Planful for Marketing provides an integration option for customers to leverage the Identity Provider used for their SAML-compliant SSO solution to authenticate users who access Planful for Marketing's SaaS platform to prove and improve the business value of their marketing.

Integration Process 

There are four steps to integrate your SSO with Planful for Marketing, assuming that you have the role of Planful for Marketing Admin for your account:

1. Talk to your Planful for Marketing Customer Success Manager.
2. Planful for Marketing provides configuration settings to your IT team.
3. Your IT team provides you with your company’s SSO configuration file.
4. You upload the SSO configuration file into Planful for Marketing.

At that point, your users will be able to authenticate with Planful for Marketing using your company’s SSO!

Step 1 - Talk to your Planful for Marketing Customer Success Manager 

The first step in enabling SSO for your Planful for Marketing account is to inform your Customer Success Manager (CSM) at Planful for Marketing. They will confirm the custom subdomain that you would like to use for Planful for Marketing. Typically, customers use the same domain as their corporate website. For example, if your company website is www.mycorpxyz.com, then your users would access Planful for Marketing from mycorpxyz.planful.com (if you are using our US-based hosting site) or mycorpxyz.eu.planful.com (if you are using our EU-based hosting site). After confirming the subdomain, your CSM will enable SSO for your Planful for Marketing account.

Step 2 - Planful for Marketing provides configuration settings for your IT team 

Planful for Marketing will provide the specific settings that your IT team will need to update so that your SSO requires. This includes a few key pieces of information:

1. The details about identifying that the request is coming from Planful for Marketingso that your SSO knows that Planful for Marketingis allowed to ask whether users are authenticated.
   • For ADFS, this will involve adding to Relying Party Trusts an entry for Planful for Marketing and specifying the “Relying party identifier”. 
   • For Google, this means adding a custom SAML app and specifying an “Entity ID”.
   • For Okta, this means setting “Audience URI (SP Entity ID)”. 
2. The URL endpoint that your SSO will send the result of authentication. 
   • For ADFS, this is called a “Trusted URL”. 
   • For Google, this is called “ACS (Assertion Consumer Service) URL”. 
   • For Okta this is called a “Single sign-on URL”. 
3. Details about mapping information from the SSO response about the specified user -
   • Email Address
   • Given name (first name)
   • Surname (last name)

For Okta, you may also want to configure the SSO bookmark. If you follow the steps in this link, in step #7 set the URL to your custom domain (like http://mycorpxyz.planful.com or http://mycorpxyz.eu.planful.com).

Step 3 - Your IT provides you with your company’s SSO configuration file 

Your IT team then provides you with your company’s SAML v2.0 metadata XML file. This file defines the metadata about your SSO that Planful for Marketing will need to connect.

Step 4 - You upload the SSO configuration file into Planful for Marketing

1. Log in to Planful for Marketing (assuming you are the account owner).
2. Go to the admin menu, and select Integrations > SSO Settings.
   
3. Browse to the location of the SAML v2.0 XML configuration file that your IT team provided, and click OK.
4. At the bottom of the dialog box, you’ll see the URL that you and your team can use to leverage SSO authentication. If you go to that location and are already logged in, you’ll be redirected to Planful for Marketing immediately. If not, you’ll be prompted for your corporate user ID and password as per your corporate policy.