Overview
Maze offers SSO as a feature for Enterprise customers who require their team members to log into Maze using their own identity provider. At present, we support Okta and OneLogin using OpenID Connect specifically. This document will walk you through how to configure OneLogin and the steps you'll need to take after you've configured OneLogin to enable Maze Support to finish your SSO setup.
Setting up OneLogin
To get started, you will need to add the generic OpenID Connect app to OneLogin and then configure it for Maze:
- Log into OneLogin as an administrator and click Applications in the top navbar
- Click Add App and search for "OpenID"
- Click on the "OpenID Connect" app published by OneLogin
- Title your app "Maze" and add the rectangular and square logos that you'll find attached, then click Save to add the new app
- After you've created the app, configure it by clicking into the Configuration option in the left sidebar and adding the following values, replacing TEAM_IDENTIFIER with the identifier you've been directed to use by Maze Support:
  - Login Url: https://maze.design/login-sso/TEAM_IDENTIFIER
  - Redirect URI's:
    https://sl-api.maze.design/auth/sso/TEAM_IDENTIFIER/callback
    https://sl-api.maze.design/auth/sso/onelogin/callback
- Click into the SSO option in the left sidebar and note the following details:
  - Client ID
  - Client Secret
- While still in the SSO tab, change the "Authentication Method" under "Token Endpoint" to "POST" and make sure that "Application Type" is "Web".
After this, complete the installation the way you would any other application in OneLogin by assigning the application to authorized users. However, your users will not be able to access your Maze instance via SSO until you work with Maze Support to finish your SSO setup.
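What the "POST" token endpoint setting changes on the wire, shown as an added example that is not Maze's or OneLogin's code. It assumes the setting corresponds to OIDC client_secret_post, uses constructed client credentials, and includes a hypothetical redact_body helper for keeping the secret out of request-body logs:

```python
import base64
from urllib.parse import parse_qsl, quote, urlencode

# Constructed sample values; the redirect URI is the one from this page with
# the TEAM_IDENTIFIER placeholder left in place.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-secret-not-real"
AUTH_CODE = "constructed-auth-code"
REDIRECT_URI = "https://sl-api.maze.design/auth/sso/TEAM_IDENTIFIER/callback"

SENSITIVE_FIELDS = {"client_secret", "code"}


def token_request(auth_method, client_id, client_secret, code, redirect_uri):
    """Build (headers, body) for an OIDC authorization-code token request.

    auth_method "POST" is assumed to map to client_secret_post and "BASIC"
    to client_secret_basic (OpenID Connect Core, section 9).
    """
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "POST":
        # Credentials are form fields in the request body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif auth_method == "BASIC":
        # Credentials are in the Authorization header (RFC 6749, 2.3.1).
        pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    return headers, urlencode(form)


def redact_body(body):
    """Mask secret-bearing form fields before a request body is logged."""
    return urlencode([(k, "REDACTED" if k in SENSITIVE_FIELDS else v)
                      for k, v in parse_qsl(body)])


if __name__ == "__main__":
    for method in ("POST", "BASIC"):
        headers, body = token_request(method, CLIENT_ID, CLIENT_SECRET,
                                      AUTH_CODE, REDIRECT_URI)
        print(method, sorted(headers), redact_body(body))
```

With "POST" the Client Secret travels in the form body, so any proxy or application logging that captures request bodies on this path needs the same redaction.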
Completing your SSO Setup
Once you've completed the application installation and configuration steps in the preceding section, an owner or admin on your Enterprise team will need to contact Maze Support to request that SSO setup be completed and will need to provide the following details:
- Client ID
- Client Secret
- TEAM_IDENTIFIER (if you used something besides what you were directed to use)
Because these are used to generate SSO authentication requests, they are sensitive information. As a result, we would suggest you share them with Maze Support using https://onetimesecret.com/ or a similar trusted solution rather than including these values as plain text in your support ticket.
Once Maze Support receives these details, we will finalize your SSO setup on this end and then work with you on migrating any users that may need to be migrated to SSO.