Log in with single sign-on
This is a premium option. Contact your Customer Success Manager to enable it on your Kameleoon account.
Single sign-on (SSO) is a method for authenticating users where a single set of credentials can be used to log in to several applications.
When SSO is set up, you can sign in to your third-party IdP, then access Kameleoon app directly without a second sign-in.
Kameleoon lets you implement SSO through the following solutions :
- External identity providers that support the SAML 2.0 standard
- Open ID Connect
- Okta
- Microsoft Entra ID (formerly Azure AD)
- France Connect
- SalesForce
Role definition
You can define roles in Kameleoon using attributes from your identity provider. There are three roles available: super admin, site admin, and common user.
Once the roles are configured on the identity provider (IdP) side, you must provide Kameleoon with the name of the attribute that will contain the role, and the values that correspond to the super admin, site admin, and common user roles.
When the roles are fully configured, there will be an additional check in the Kameleoon system to ensure the roles from the IdP match the roles in Kameleoon.
Configure roles with identical names in both Kameleoon and your IdP. Otherwise, users will get a 401 Unauthorized error when making requests.
SAML 2.0
For this method, you must provide the Identity Provider metadata XML file.
Additionally, you must set the callback URL (https://login.kameleoon.com/am/kameleoon/login/callback) as an authorized URL on the identity provider’s side.
Open ID Connect
For this method, you must provide the Client ID, Client Secret and OpenID Connect Well-Known Endpoint /.well-known/openid-configuration to get OpenID Provider Configuration.
Additionally, you must set the callback URL (https://login.kameleoon.com/am/kameleoon/login/callback) as an authorized URL on the identity provider’s side.
Microsoft Entra ID (formerly Azure AD)
To set up the native integration with Entra ID, you will need to provide the tenant ID, client ID, and client secret. Additionally, the callback URL (https://login.kameleoon.com/am/kameleoon/login/callback) needs to be set as an authorized URL on the identity provider’s side.
Native integration
SAML 2.0 can also be used for SSO integration with Microsoft Entra ID. This method requires the Identity Provider SAML 2.0 metadata XML file to be provided.
SAML 2.0
You can use SAML 2.0 for SSO integration with Microsoft Azure. You must provide the Identity Provider SAML 2.0 metadata XML file for this method.
Okta
SAML 2.0
You can use SAML 2.0 for SSO integration with Okta.
- Add a new application.
- Navigate to the Okta dashboard.
- Go to Applications and click Create App Integration.
- Select SAML 2.0 as the sign-on method.
- Configure your application.
- Enter you application's details.
- Specify the following in the SAML settings:
- Single sign-on URL (this is where Okta will send the SAML response):
https://login.kameleoon.com/am/kameleoon/login/callback. - Check the Use this for Recipient and Destination URL checkbox.
- Audience URI (SP Entity ID):
https://login.kameleoon.com.
- Single sign-on URL (this is where Okta will send the SAML response):
- Finish the setup.
- Save the application after filling out the required fields.
- Save the metadata URL provided by Okta. We will need it to configure SSO on Kameleoon.