Setting Up SSO

🚧

SSO is an Enterprise feature

To learn more or set it up, please contact [email protected]

Configuration

Leapfin uses SAML 2.0 protocol for our SSO management. Follow the steps below to set up your company's SSO with Leapfin. Note: Only users with admin privileges in Leapfin will have the ability to configure SSO.

The admin for your Active Directory should log in to your Identity Provider platform. We will be using Okta in this example.

  1. Log in to your Identity Provider Platform as an admin and create an app integration

  1. Select SAML 2.0 option and click next

  1. Input the following information to setup SAML
    App Name: Leapfin

Single Sign-on URL: https://app.leapfin.com/login-acs
Audience URI (SP Entity ID): https://app.leapfin.com
NameID format: EmailAddress
Application username: Email
Update application username on: Create and Update
and click save to create the SAML integration

  1. Navigate to the SAML integration we just created by going to the 'Applications' tab. Click on the integration created and go to the 'Sign On' tab. Scroll to the SAML Signing Certificates section and click on 'View IdP Metadata' for the certificate with an Active status.

  1. Copy the link to the IdP metadata file. We will use this in Leapfin to finish setting up.

  2. Go to Leapfin and access the "Company Details" page by clicking on the top right-hand dropdown menu

  3. Scroll to the bottom of the page to the "Single Sign On" section, paste the IDP link into the IdP Metadata Link field and click "Enable".

    To disable SSO at any time, simply click the "Disable" button and the IdP metadata link will be wiped effectively removing any steps to sign in via Okta within the sign-in flow.

  4. Verify SSO is turned on by going to https://app.leapfin.com/login and logging in.

Invalid SSO Certificates

For cases of Invalid SSO certificates, access the Leapfin application within the Okta dashboard and click on the "Sign On" tab, and go to the "SAML Signing Certificates" section. Click generate a new certificate and automatically a new certificate will be activated. Follow step 4 onwards to continue configuring a new SSO certificate and validate in step 8 for success.

🚧

SSO does not support multiple users accessing Leapfin via the same browser session on the same computer.

If there is such a case where users will switch within an active browser session, users are prompted to do one of the following options:

  1. Log out of the Leapfin appication and then proceed to login.okta.com and logging out of the Okta account authenticated with Leapfin previously.
  2. Clear cache after logging out of Leapfin in order for new users to log in. (Warning: this will log you out of all applications signed in)

Did this page help you?