Single Sign On (SSO)

Table of Contents

SAML 2.0

By default, login to Testable is done using a password that is setup on the Testable platform. Testable also supports Single Sign On via full compatibility with the SAML 2.0 standard as a Service Provider (SP). Login can be initiated from Testable or from your Identity Provider (IDP) if they support that flow.

This allows for integration with any leading SSO vendor, Active Directory, Google, etc.

Setup - IDP Side

We include directions here for a few IDPs but any SAML 2.0 compatible IDP should work.

Settings

  1. Entity ID: https://[subdomain].testable.io/api/login/ext/callback/saml
  2. Assertion Consumer Service (ACS) URL: https://[subdomain].testable.io/api/login/ext/callback/saml

Your [subdomain] is also configured on the Testable side and can be any 3+ characters that is not currently in use.

Attribute Mappings

Testable uses the nameID to get the email address. The following attributes are also used to set the user's name:

  1. fullName (no namespace). If set, we will use this value to set user's Name in their profile.
  2. firstName and lastName (no namespace). If fullName is not set we will look for these two attributes and if available set the user's Name to [firstName] [lastName].

Once you complete your setup, make sure to download the IDP Metadata XML and then continue onto the Testable side setup.

OneLogin

This section describes the steps on the OneLogin side to setup Testable.

  1. Login to your OneLogin account.
  2. Press the New App button in the upper right.
  3. Type "Testable" in the search box and select it.
  4. Press the Save button in the upper right
  5. Go to the Configuration tab and type in the same subdomain you setup within Testable. Press the Save button again.
  6. Click More Actions -> SAML Metadata to download the metadata. Open the file and paste the contents on the Testable side as part of the SAML setup.

Once you've done this and the SAML setup within Testable you are all set to login via https://[subdomain].testable.io.

Okta

Okta setup steps are documented on their site.

Setup - Testable Side

  1. Login to Testable using password authentication (or sign up for an account first).

  2. Go to Org Management => Settings => Authentication and check the SAML 2.0 Authentication box.

    SAML Auth Setting

  3. Fill in the required information

    1. Provider: The Identity Provider (e.g. Okta, OneLogin). Any provider which conforms to the specification is eligible.
    2. IDP Metadata: Metadata provided by the IDP as part of the setup process. See the below sections for steps to follow on OneLogin and Okta. Any IDP should have something similar.
    3. Team Login: Choose a subdomain from which you will initiate login to Testable (https://[subdomain].testable.io). This is the subdomain that you configured on the IDP side as well.
  4. After setting up the IDP Go to https://[subdomain].testable.io and login.

FAQ

If I login via external login am I still allowed to use a password to login to Testable?

No. Once you start authenticating via an external provider your password will be removed from Testable. If you want to switch back to password authentication, you must login via your team's login page (https://[subdomain].testable.io), go to Account => Profile, and switch the Authentication Source back to Password.

My company has setup external login for our account. Do we need to provision every user on Testable?

No. Once a user successfully authenticates for the first time, Testable will automatically create an account for them and associate it to your organization. No further action required.

How long is my session valid for?

Whether you login using a password or an external login provider, your session is good for 7 days currently.

Can I use Identity Providers (IDP) other than Okta and OneLogin?

Yes. We have only tested with those two providers but any other compliant provider should work as well. Please contact us with any issues.