External Login

Table of Contents


By default, login to Testable is done using a password that is setup on the Testable platform. We also support other forms of external authentication which are detailed here.

SAML 2.0

Testable provides full compatibility with the SAML 2.0 standard as a Service Provider (SP). Login can be initiated from Testable or from your Identity Provider (IDP) if they support that flow.

SAML Setup

  1. Login to Testable using password authentication (or sign up for an account first).

  2. Go to Account => Settings and check the SAML 2.0 Authentication box.

    SAML Auth Setting

  3. Fill in the required information

    1. Provider: The Identity Provider (e.g. Okta, OneLogin). Any provider which conforms to the specification is eligible.
    2. IDP Metadata: Metadata provided by the IDP as part of the setup process. See the below sections for steps to follow on OneLogin and Okta. Any IDP should have something similar.
    3. Team Login: Choose a subdomain from which you will initiate login to Testable (https://[subdomain].testable.io). This same subdomain usually needs to be configured on the IDP side as well.

      SAML Settings

  4. Go to https://[subdomain].testable.io and login.

SAML Login Workflow

Using the SAML protocol the login workflow is as follows:

  1. Go to https://[subdomain].testable.io and press the Login with ____ button


  2. The browser will redirect to the IDP (Identity Provider) to authenticate.

  3. If successful, you will be redirected back to Testable as an authenticated user. If you had not previously created a Testable account one will automatically be provisioned for you at this point.

  4. Once your session times out (7 days by default) your browser will redirect to the IDP again to authenticate.


This section describes the steps on the OneLogin side to setup Testable.

  1. Login to your OneLogin account.
  2. Press the New App button in the upper right.
  3. Type "Testable" in the search box and select it.
  4. Press the Save button in the upper right
  5. Go to the Configuration tab and type in the same subdomain you setup within Testable. Press the Save button again.
  6. Click More Actions -> SAML Metadata to download the metadata. Open the file and paste the contents on the Testable side as part of the SAML setup.

Once you've done this and the SAML setup within Testable you are all set to login via https://[subdomain].testable.io.


Okta setup steps are documented on their site.


If I login via external login am I still allowed to use a password to login to Testable?

No. Once you start authenticating via an external provider your password will be removed from Testable. If you want to switch back to password authentication, you must login via your team's login page (https://[subdomain].testable.io), go to Account => Profile, and switch the Authentication Source back to Password.

My company has setup external login for our account. Do we need to provision every user on Testable?

No. Once a user successfully authenticates for the first time, Testable will automatically create an account for them and associate it to your organization. No further action required.

How long is my session valid for?

Whether you login using a password or an external login provider, your session is good for 7 days currently.

Can I use Identity Providers (IDP) other than Okta and OneLogin?

Yes. We have only tested with those two providers but any other compliant provider should work as well. Please contact us with any issues.

What is Testable's ACS URL?

If you are using a custom IDP you may need to configure our Assertion Consumer Service (ACS) url. It is https://[subdomain].testable.io/api/login/ext/callback/saml.