Enterprise Single Sign-On (SSO)

Enterprise single sign-on (SSO) is only available for Organisations on the Enterprise Plan.

Overview

Enterprise Single Sign-On (SSO) creates a secure bridge between DinMo and your organisation's infrastructure, allowing authentication data to be sourced directly from your identity provider (IdP). This replaces traditional email/password-based authentication providing seamless and centralised access management.

With Enterprise SSO, you can efficiently manage large teams using third-party IdPs like Google Workspace . DinMo continuously expands its list of supported IdPs. If your preferred IdP is not currently available, feel free to contact us for assistance.

DinMo's SSO implementation is based on the widely adopted SAML 2.0 protocol, ensuring secure and standardised integration with your authentication system.

The DinMo SSO is activated at the DinMo organisation level and available for all related workspaces.

How to setup SSO Using Google Workspace

In Google Workspace

Step 1: Create a custom SAML application for DinMo

  1. Sign in to your Google Admin account as an admin

  2. Go to Apps/Web and mobile apps.

  3. In the upper panel, select Add App

  1. Choose Add custom SAML app from the suggested options

  2. Name your App DinMo and click Continue to access the Google IdP page

Step 2: Collect the SAML app details

  1. Make note of SSO URL and the Entity ID. You will need them to configure the SSO for your DinMo organisation.

  2. Download the Certificate

  3. Click Continue to proceed to the app configuration.

Step 3: Configure Google SAML SOO in DinMo

  1. Sign in to your DinMo workspace as an organization admin

  2. Go to your organization management space

    • Click on your workspace name in the top left navigation menu.

    • Select Manage Workspaces.

    • Go to the Organization Settings tab.

  3. Click on Configure Google SAML SSO button

  1. Fill in the Authentification Settings:

  • SSO Portal Key: Choose a unique key to identify your SSO organization (e.g., <company-name>_SSO).

  • Sign on URL: Enter the SSO URL collected in Step 2.

  • Application Identifier (Entity ID): Enter the Entity ID collected in Step 2.

  • Click Save

  1. Collect the generated values:

  • DinMo’s Entity ID

  • DinMo’s Callback URL

  • Your Portal URL: The URL used to connect to your DinMo workspace through SSO.

Step 4: Complete the SAML App Configuration in Google Workspace

  1. In the ACS URL field, enter DinMo’s Callback URL collected in the previous step.

  2. In the Entity ID field, enter DinMo’s Entity ID collected earlier.

  3. Click Save.

Step 5: Limit Access to Authorized Users (Optional)

For additional security, you can restrict access to your DinMo workspace to authorized users only in your IdP. To enable this, toggle the Enable SAML-only authentication option.


FAQ

Does DinMo support Just-In-Time (JIT) provisioning?

Currently, DinMo doesn’t offer JIT user provisioning. If an SSO user doesn’t have an existing DinMo account, their account won’t be created automatically.

To add users:

  • Log in to your DinMo workspace.

  • Invite the user to join your workspace.

  • Assign the appropriate roles and permissions by navigating to Settings > Members and managing roles on the Users & Permissions page.

Last updated