Roadmunk supports using Single Sign-on (SSO) to log in to the Roadmunk app. With SSO, a user can log in to their account using their SAML credentials from providers such as Okta and OneLogin. The benefit of using SSO is that users no longer have to remember a separate username and password combination for each app they use. It also provides an easy way to enforce your company's security policies, ensuring that users only log in to Roadmunk using authorized methods.

How can I set up SAML on my account?

To set up SAML SSO on your account, please have your IT administrator contact support@roadmunk.com. SAML SSO is available on Professional and Enterprise plans. For more details on pricing, check out our pricing page.

Logging into Roadmunk with SAML SSO

Once SAML SSO has been set up on your account, it's easy to log in to Roadmunk and start creating beautiful roadmaps.

Inviting users to an account with SAML SSO enabled

Roadmunk makes it easy to onboard the rest of your team onto your account while ensuring they comply with your company's security policies and use only approved methods to log in to the app. Team members invited to an account with SAML SSO enabled will be able to create an account using their SAML SSO credentials.

As an invited user: 

  1. Navigate to your inbox and find the invite email
  2. Click the Join your team button
  3. On the account creation screen, click Get Started
  4. On the next screen, click Login with SSO, and provide your SAML credentials
  5. Proceed through the remaining account creation steps

Enforcing SAML SSO across the whole account

To ensure that users comply with company security policies, Account Admins have the option to enforce SAML SSO as the only login method users can use to access Roadmunk. 

Once SAML SSO has been enabled on an Account Admin's account:

  1. On the Roadmap navbar, find the Settings icon
  2. In the dropdown, select Account Settings
  3. Click on the Company tab 
  4. Toggle the Enforce SAML Single Sign-in Only button to enable this option

NOTE: Enforcing SAML will delete all other authentication methods on the account. The next time users access Roadmunk, they must do so through the Login with SSO button on the login page. Any users logged into the account prior to the account admin enforcing SAML will receive an email with instructions on how to set up and log in to Roadmunk using their SSO credentials.

Supported providers

Roadmunk supports several SAML providers including (but not limited to):

  • PingOne
  • Okta
  • SSO Circle
  • Bitium
  • OneLogin
  • ADFS
  • Azure

Provider-specific SAML SSO configurations

Okta

To get Roadmunk set up on Okta, click the Create New App button in the Add Application section of the Okta Admin dashboard and enter the following details:

Under Show advanced Settings set:

  • Response: Signed
  • Assertion Signature: Signed
  • Signature Algorithm: RSA-SHA256
  • Digest Algorithm: SHA256
  • Assertion Encryption: Unencrypted
  • Enable Single Logout: Unchecked
  • Authentication context class: Unspecified
  • Honor Force Authentication: Yes
  • SAML Issuer ID: http://www.okta.com/${org.externalKey}

For step three, leave the default options.

Once this is done, Okta will display a page with a View Setup Instructions button. Please send Roadmunk the information that is displayed on that page, as we will need to integrate those values on our side. Details should be sent to support@roadmunk.com.
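A structural check for the advanced settings listed above, as an added example that is not Roadmunk's or Okta's code: it inspects a base64-decoded SAMLResponse captured from a test login and reports any deviation from Response: Signed, Assertion Signature: Signed, RSA-SHA256, SHA256 and Unencrypted. It reads only the declared algorithms and does not verify the signatures; the function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"


def _sig_findings(parent, label):
    """Check the ds:Signature that is a direct child of `parent`."""
    sig = parent.find("ds:Signature", NS)
    if sig is None:
        return [f"{label}: not signed"]
    out = []
    sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if sm is None or sm.get("Algorithm") != RSA_SHA256:
        out.append(f"{label}: signature algorithm is not RSA-SHA256")
    digests = sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if not digests or any(d.get("Algorithm") != SHA256 for d in digests):
        out.append(f"{label}: digest algorithm is not SHA256")
    return out


def audit_saml_response(xml_text):
    """Return deviations from the settings listed above (empty list = match)."""
    # Intended for a response from your own IdP; use a hardened XML parser
    # (for example defusedxml) if the input is untrusted.
    root = ET.fromstring(xml_text)
    findings = _sig_findings(root, "Response")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("Assertion: encrypted, expected unencrypted")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        findings.append("Assertion: missing")
    else:
        findings += _sig_findings(assertion, "Assertion")
    return findings


def constructed_sample(sig_alg=RSA_SHA256, sign_assertion=True):
    """Constructed skeleton of a decoded SAMLResponse (no real signature values)."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>'
           f'<ds:Reference><ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference>'
           "</ds:SignedInfo></ds:Signature>")
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<samlp:Response {xmlns}>{sig}"
            f"<saml:Assertion>{sig if sign_assertion else ''}</saml:Assertion>"
            "</samlp:Response>")
```

Calling audit_saml_response(constructed_sample(sign_assertion=False)) returns a single finding for the unsigned assertion; an empty list means the response matches the listed settings.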

OneLogin

The team at OneLogin has created their own help centre article on setting up with Roadmunk. The steps are reproduced here.

  1. Log into OneLogin as an admin and go to Apps -> Add Apps.
  2. Search for and select the Roadmunk SAML connector. The initial Configuration tab appears.
  3. Click Save to add the app to your Company Apps and display additional configuration tabs. The Info tab appears.
  4. Go to More Actions > Download SAML Metadata and download the metadata. Send the metadata to Roadmunk Support at support@roadmunk.com. Roadmunk will configure the Roadmunk account with OneLogin's SAML settings.
  5. After receiving confirmation, log in to Roadmunk and go to Account Settings -> Security -> Add a Login Method. Choose the new login method configured.
  6. Inside OneLogin, go to the Parameters tab and ensure the Roadmunk attribute is mapped to the email attribute in OneLogin. Ensure that Credentials are Configured by admin. 
  7. Click Save.
  8. On the OneLogin Access tab, assign the OneLogin roles that should have access to Roadmunk and provide any app security policy that you want to apply to Roadmunk. Go to Users -> All Users to add the app to individual user accounts.
  9. Click Save.
  10. Test the SAML connection. Ensure that user accounts exist in both OneLogin and Roadmunk that use the same value as the username. Click the Roadmunk icon on the OneLogin dashboard. 

Roadmunk only supports SP-initiated SAML, so click the SSO Login button in Roadmunk.
