Configure single sign on (SSO)
Setting up SSO for Maverics enables you and other users invited to your account to log into Maverics using the Enterprise SSO option. Once SSO has been set up for your account, new users must be invited to the account by the owner.
Additionally, users within the same email domain (for example, [email protected] and [email protected]) must sign into Maverics using the Enterprise SSO login button. If they attempt to log in using other social sign-in methods, they will encounter a warning to sign in with Enterprise SSO.
Prerequisites
- You must be the owner of your account.
- You must have administrative access to your identity provider.
- You must have administrative access to the DNS settings of your domain.
Setting up your provider
Maverics SSO supports an OIDC connection with any identity provider, including:
Your provider must return the email claim (email cannot be blank). Maverics will also read given_name and family_name claims.
Configuring account SSO in Maverics
- Click your email address in the upper right corner of the screen and click Accounts.
- Click the account name you’d like to edit.
- Click the Single Sign On Settings button.
- Provide the following information:
  - Issuer URL: the URL of your identity provider
  - Client ID: the client ID of the application you set up in your identity provider
  - Client Secret: the client secret of the application set up in your identity provider
- Click Save.
- Copy the Redirect URI that populates, and enter it in the settings of your identity provider.
- Proceed to the Domains tab and see the instructions below.
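Before enabling SSO, it helps to confirm that an ID token from a test login at your provider actually carries the claims and settings described above. The following is an added example, not Maverics code: the function names, issuer URL, client ID and tokens are constructed, and the iss and aud checks follow standard OIDC ID token validation, which is an assumption about Maverics rather than something this page states.

```python
import base64
import json

def decode_payload(id_token):
    """Decode a compact JWT's payload WITHOUT verifying the signature (diagnostic only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(claims, issuer_url, client_id):
    """Return (errors, notes); empty errors means the token fits the SSO settings."""
    errors, notes = [], []
    # OIDC Core compares iss to the issuer exactly, so a stray trailing slash fails.
    if claims.get("iss") != issuer_url:
        errors.append(f"iss {claims.get('iss')!r} does not match Issuer URL {issuer_url!r}")
    aud = claims.get("aud")  # aud may be a single string or a list of strings
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        errors.append("aud does not contain the Client ID")
    email = claims.get("email")
    if not isinstance(email, str) or not email.strip():
        errors.append("email claim is missing or blank")
    for name in ("given_name", "family_name"):  # read by Maverics if present
        if not claims.get(name):
            notes.append(f"{name} not returned")
    return errors, notes

def make_sample_token(claims):
    """Build a constructed sample token with a placeholder signature for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig-not-checked"

ISSUER = "https://idp.example.com"  # constructed value
CLIENT_ID = "maverics-sso-client"   # constructed value
GOOD = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "email": "alice@example.com",
                          "given_name": "Alice", "family_name": "Ng"})
# Constructed failure case: trailing slash on iss and a whitespace-only email.
BAD = make_sample_token({"iss": ISSUER + "/", "aud": [CLIENT_ID], "email": " "})

if __name__ == "__main__":
    for label, token in (("good", GOOD), ("bad", BAD)):
        print(label, preflight(decode_payload(token), ISSUER, CLIENT_ID))
```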
Managing domains
In the Single Sign On Settings window, the Domains tab lists all domains you’ve configured with verification and status indicators.
- In the Domains tab, enter your domain name in the text box and click the plus (+) sign.
- Copy the name/host/alias that populates. Add this value to the DNS settings of your domain.
- In the DNS settings of your domain, add a new TXT record. Copy the value from Maverics and paste this into your DNS settings.
- Click Save.
- Maverics will attempt verification with your DNS every 30 seconds; however, domain verification may take up to 48 hours.
- Once the domain has been validated, it will appear in the Domains list with a toggle switch. After validation, the domain is disabled by default. You must enable SSO for a domain by toggling the switch to the On position.
- You can disable SSO for the domain by toggling the switch back to the Off position. Use this feature with caution.
When a domain is enabled in SSO, users within the same email domain (for example, [email protected] and [email protected]) must sign into Maverics using the Enterprise SSO login button. If they attempt to log in using other social sign-in methods, they will encounter a warning to sign in with Enterprise SSO.
If a domain is disabled, users who have already accessed Maverics with Enterprise SSO will be prompted to log in with another social sign-in method.
You can also delete a domain using the trash can icon; however, if you want to use this domain again in the future, you will need to re-enter the details and re-verify the domain.