Configuring Integration with Identity Providers
This functionality is available on Onshape's browser, iOS, and Android platforms.
Before starting the integration process, you must have requested, and been approved for, an Onshape Enterprise account or trial, and have an Onshape Enterprise domain name.
An example of an Enterprise domain name might be: MyCompanyName.onshape.com.
Note that you can use only one single sign-on (SSO) provider at a time.
Onshape supports the following identity providers for single sign-on (SSO) purposes:
The set up for each of these identity providers varies and is explained in separate topics, but the overall steps are similar to these:
- Add Onshape to your single sign-on account.
- Download the required configuration file from your single sign-on account.
- Upload the configuration file into Onshape.
- In your Onshape administrator account, enable the single sign-on provider for your users.
- Do a hard refresh of your Onshape sign in page, then sign in with your SSO credentials.
Onshape signs all outgoing SAML certification requests. You are not required to upload any certificates (for example, an SAML signing certificate), except in the case of ADFS integraion because ADFS validates incoming SAML requests.
Administrators can enforce Enterprise users to sign in to Onshape with only the configured SSO method and prevent signing in to the non-enterprise domain by toggling Disable Onshape password sign in.
For more information on integrating with a specific identity providers see the topic explaining the particular provider you use.