Other Questions
      Back to home
      1. Help Center
      2. FAQs
      3. Other Questions

      Set Up Single Sign-On (SSO)

      Single sign-on (SSO) allows team members to use one set of login credentials for all of your business systems.

      With magicplan's single sign-on feature, your team members can conveniently use just one login credential for all the systems your business utilizes. This eliminates the hassle of managing multiple logins and streamlines the authentication process. SSO is a paid add-on service with magicplan. Please contact our Sales Team for more information.   

      ℹ️ Note: an IT administrator with experience creating applications in your identity provider account should do this setup process. Only admins can set up SSO for your account.

      magicplan supports SSO providers that use SAML 2.0, like Google, Salesforce, and Microsoft Azure. Please get in touch with us if you are unsure if your identity provider is compatible.

      General Setup

      • Log in to your identity provider account.
      • Navigate to your applications.
      • Create a new application for magicplan.
      • Enter the ACS, Audience URI, Sign on URL, or Redirect values into your identity provider account where required. 
      • If prompted, set the username format/name ID to Email.
      • After you complete all of the steps above, contact us to enable SAML SSO for your workspace in magicplan. Please contact us at integration@magicplan.app (see specific details below).

      The navigation instructions and field names above may differ across identity providers. You can find more specific instructions for setting up applications in commonly used identity providers below:

      Instructions for Specific Identity Providers

      Google

      1. Follow these steps provided by Google support.

      2. Configure magicplan app by filling the data as defined below:

        1. Application Name: magicplan

        2. Upload logo:  https://go.magicplan.app/hubfs/NEW%20BRANDING/Logos/mp_magicplan_logo_icon.png

        3. ACS URL: https://cloud.magicplan.app/auth-sso-success

        4. Entity Id: https://cloud.magicplan.app/

        5. Name ID:

          1. Basic Information

          2. Primary Email

        6. Name ID Format: EMAIL

      3. Add attribute mapping for magicplan required fields:

        1. Email

          1. Basic information: Primary email

          2. App attributes: emailaddress

        2. First name

          1. Basic information: First name

          2. App attributes: firstname

        3. Last name

          1. Basic information: Last name

          2. App attributes: lastname

      4. Now magicplan needs to be turned on by clicking the dots in the top right of the screen and selecting ON for everyone.

      5. Finally, after you have completed all of the steps above, contact us to enable SAML SSO for your workspace in magicplan. Please contact us at integration@magicplan.app. You will need to provide us with the following information:

        1. The magicplan account which is the owner of your workspace.

          1. If this account has more than one workspace, please tell us the name of the workspace.

        2. Your organization email pattern, for example @magicplan.app.

        3. SAML Info from G Suite:

          1. Idp Certificate

          2. SAML Entity ID or referenced as Issuer

          3. SSO URL or referenced as Login URL

          4. Logout URL

          5. SAML XML Metadata

      Salesforce

      1. Follow this documentation provided by Salesforce.

      2. Configure magicplan app by filling the data as defined below:

        1. Connected App Name: magicplan

        2. Contact Email: integration@magicplan.app

        3. Logo Image URL: https://go.magicplan.app/hubfs/NEW%20BRANDING/Logos/mp_magicplan_logo_icon.png

        4. Under “Web App Setting” check the box for Enable SAML. This will display some additional fields which need to be filled (see below):

          1. Entity Id: https://cloud.magicplan.app/

          2. Subject Type: Username

          3. ACS URL: https://cloud.magicplan.app/auth-sso-success

          4. Name ID Format: Choose the one with emailAddress

          5. Idp Certificate: Default IdP Certificate

      3. Navigate under Platform Tools > Apps > App Manager and find magicplan. Tap on View and scroll down to Custom Attributes. Tap on New to add custom attributes required by magicplan:

        1. Email

          1. Key: emailaddress

          2. Field: $User->Email

        2. Name

          1. Key: firstname

          2. Field: $User->First name

        3. Last name

          1. Key: lastname

          2. Field: $User->Last name

      4. Grant privileges to users.

        1. Under Administration > Users > Profiles, update Profiles that you want to give access to log in to magicplan via Salesforce. For example, tap on “Standard User” and scroll down to the Connected App Access section.

        2. Check the box next to the name of the app (e.g magicplan) to enable it for this profile.

        3. Click Save.

      5. Finally, after you have completed all the steps above, contact us to enable SAML SSO for your workspace in magicplan. Please contact us at integration@magicplan.app. You will need to provide us with the following information:

        1. The magicplan account which is the owner of your workspace.

          1. If this account has more than one workspace, please tell us the name of the workspace.

        2. Your organization email pattern, for example @magicplan.app.

        3. SAML info from Salesforce. Navigate under Setup > Apps > Connected Apps > Manage Connected Apps and then find magicplan. Tap on it, and you will see the information below:

          1. Idp Certificate

          2. SAML Entity ID (IdP-Initiated Login URL)

          3. SP-Initiated Redirect Endpoint

          4. Single Logout Endpoint

          5. SAML XML Metadata or just the Metadata Discovery Endpoint

      Microsoft Azure

      1. Follow this documentation to add magicplan as an app. You can directly jump to step 7 where it explains about "Create your own application".

      2. Continue to configure properties for magicplan, following the steps here. The values you need from magicplan are listed below:

        1. Name: magicplan

        2. Logo: https://go.magicplan.app/hubfs/NEW%20BRANDING/Logos/mp_magicplan_logo_icon.png

        3. Reply URL: https://cloud.magicplan.app/auth-sso-success

      3. After configuring magicplan, assign your users to the app you just created by following the steps here.

      4. Next, set up SAML-based SSO for magicplan. Please follow this documentation for more info. To complete those steps, you need the following data from magicplan:

        1. Identifier (Entity ID): https://cloud.magicplan.app

        2. Reply URL (Assertion Consumer Service URL): https://cloud.magicplan.app/auth-sso-success

        3. Sign on URL: https://cloud.magicplan.app/login

      5. Go into section "User Attributes & Claims” and add a new claim for:

        1. Email

          1. Name: emailaddress

          2. Source: Attribute

          3. Source Attribute: user.mail

        2. Name

          1. Name: firstname

          2. Source: Attribute

          3. Source Attribute: user.givenname

        3. Last Name

          1. Name: lastname

          2. Source: Attribute

          3. Source Attribute: user.surname

      6. Finally, after you have completed all the steps above, contact us to enable SAML SSO for your workspace in magicplan. Please contact us at integration@magicplan.app. You will need to provide us with the following information:

        1. The magicplan account which is the owner of your workspace.

          1. If this account has more than one workspace, please tell us the name of the workspace.

        2. Your organization email pattern, for example @magicplan.app.

        3. SAML info from Microsoft Azure.

          1. SAML Single Sign-On Service URL or referenced as Login URL

          2. SAML Azure AD Identifier

          3. Logout URL

          4. SAML Signing Certificate (Base64)

          5. SAML XML Metadata or just the App Federation Metadata Url