Enable Single Sign-On for Your Organization

Before you begin, you must get two pieces of information from your single sign-on provider:

  • SAML 2.0 Endpoint (HTTP) URL (This is sometimes referred to as the “destination” or “SAML Recipient” in Identity Provider systems.)
  • Public Certificate (X.509)

You must have the Organization Admin role to perform this task.

  1. Go to Admin > Organization.
  2. Click Edit Organization Details.
  3. In the User Account Settings section, select Enable Single Sign-On.
  4. In the confirmation message, click OK.
  5. Enter the SSO parameters:
     Single Sign-On Parameter: Description

     Name Identifier Format: Select from:

       • urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
       • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
       • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent (default)

     SAML 2.0 Endpoint (HTTP Redirect): Enter the SAML 2.0 endpoint URL you obtained from your single sign-on provider.

     Public Certificate: Enter the entire text of the certificate you received from your single sign-on provider. (It is probably easiest to copy-and-paste.)
  6. Click Test Settings to validate the Endpoint URL and certificate values provided by your identity provider. Cloud Email Protection calls the Identity Provider with the public certificate credential at the location you enter.

     TIP: You may be required to authenticate with your Identity Provider if you are not already logged in there.

  7. Click Save Settings.
  8. In the confirmation message, click OK.
  9. Click Update Information.

At this point, Single Sign-On will be enabled and:

  • All existing users will receive an email that instructs them to use their Single Sign-On identity provider credentials when accessing Cloud Email Protection.
  • Users currently logged into Cloud Email Protection will continue their sessions without interruption; however, they will be directed to the Identity Provider on subsequent login attempts.
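
A pre-flight check for the two values entered as SSO parameters, as an added example that is not part of the product or its documentation: it confirms that the pasted certificate text is one complete PEM block (a partial copy-paste fails the DER length check) and returns a SHA-256 fingerprint to compare with the one your identity provider publishes. The function names, the sample URL and the HTTPS-only rule are assumptions of this example, and the sample certificate is constructed filler, not a real X.509 certificate.

```python
import base64, hashlib, re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Byte length claimed by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def preflight(endpoint: str, cert_text: str) -> dict:
    """Check both values; return problems found and the SHA-256 fingerprint."""
    problems, fingerprint = [], None
    url = urlsplit(endpoint.strip())
    if url.scheme != "https" or not url.hostname:   # example policy: HTTPS only
        problems.append("endpoint must be an absolute https:// URL")
    blocks = PEM_RE.findall(cert_text)
    if len(blocks) != 1:
        problems.append("expected exactly one complete PEM certificate block")
    else:
        try:
            der = base64.b64decode("".join(blocks[0].split()), validate=True)
            if der_total_length(der) != len(der):
                raise ValueError("length mismatch")
            fingerprint = hashlib.sha256(der).hexdigest()
        except ValueError:                 # also covers binascii.Error
            problems.append("certificate text is truncated or corrupted")
    return {"problems": problems, "sha256": fingerprint}

def constructed_pem() -> str:
    """Constructed filler with a valid DER length header; NOT a real cert."""
    body = bytes(range(256)) * 2
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Hypothetical endpoint URL; substitute the one from your identity provider.
    print(preflight("https://idp.example.com/saml2/sso", constructed_pem()))
```

The check covers only the structure of the pasted text; confirming that the fingerprint matches your identity provider's published value is what establishes that the certificate is the right one.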