Overview

PagerTree offers several providers for single sign-on (SSO), and uses the SAML 2.0 protocol. SSO is supported on both the Web Application and Mobile Apps.

Note: Single Sign-On (SSO) requires the custom pricing plan.

Login via SSO

After SSO has been configured on your PagerTree account, users can sign-in via your Identity Provider’s (IdP) application widget or the PagerTree SSO Login Page. All users will be forced to login via your Identity Provider, except those users with administrator permissions in PagerTree. Users with Administrator permissions may login via IdP or PagerTree credentials.

To access the PagerTree SSO login:

  1. Go to the PagerTree login page
  2. Click the Login with SSO link SSO Login Link
  3. Enter your IdP email, and click Log In SSO Login Screen

Enable SSO

To enable SSO you must be on the Elite pricing plan and be an administrator of your PagerTree account.

  1. Navigate to the Settings & Billing page.
  2. In the left hand column, click the Edit button. Click Edit
  3. Toggle the Single Sign-On Switch. Toggle SSO Switch
  4. Continue to the Configure SSO section.

Configure SSO

  1. Select the Provider you wish to use. Select Provider
  2. Continue the steps below based on your Provider selection.

Azure Active Directory

  1. Go to your Azure Portal.
  2. Click Azure Active Directory. Click Azure Active Directory
  3. Click App registrations. Click App Registrations
  4. Click New application registration. Click New Application Registration
  5. In the create blade, New application registration
    1. Name - PagerTree
    2. Application type - Web app / API
    3. Sign-on URL - paste the PagerTree ACS URL Create Blade Settings
  6. On the PagerTree app blade, click Settings -> Properties.
    1. Home page URL - https://app.pagertree.com/#/sso
    2. Click Save. Application Settings
  7. Copy the Application ID. Application Settings
  8. In PagerTree, click the Auto Configure button. Click Auto Configure Button
  9. In PagerTree, paste the Azure Application ID to the PagerTree Application ID field in the popup box. Paste Application Id
  10. In Azure, navigate to Azure Active Directory -> App registrations and click the Endpoints button. Click Endpoints Button
  11. Copy the Federation Metadata Document URL. Copy Federation Metadata Document URL
  12. Paste the Federation Metadata Document URL into the PagerTree Federation MetaData URL field.
  13. Click Configure. Copy Federation Metadata Document URL
  14. In PagerTree, click the Save button. Save PagerTree Account Settings

Google

  1. Go to your Google Admin Dashboard.
  2. Click the Apps icon. Apps Icon
  3. Click the SAML apps icon. SAML Apps Icon
  4. In the lower right hand corner, click the yellow + button. Add App Button
  5. In the Step 1 (Enable SSO for SAML Application) dialog box, click the SETUP MY OWN CUSTOM APP link on the bottom of the box. Click Setup My Own Custom App Button
  6. In the Step 2 (Google IdP Information) dialog box:
    1. Copy the Google Entity ID and paste it in the PagerTree Entity ID field. Copy Entity ID
    2. Download the certificate. Open in a text editor. Copy & Paste the contents of the certificate file to the PagerTree X.509 Certificate field. Copy X.509 Certificate
    3. Click Next.
  7. In the Step 3 (Basic information for your Custom App) dialog box:
    1. Application Name - PagerTree
    2. Description - On-Call. Simplified.
    3. Upload Logo - icon
    4. Click Next. Copy X.509 Certificate
  8. In the Step 4 (Service Provider Details) dialog box:
    1. Copy the PagerTree ACS Url and paste it in the Google ACS Url & Google Entity ID fields.
    2. Ensure the Name ID Format is set to EMAIL.
    3. Click Next. Step 4 Settings
  9. In the Step 5 (Attribute Mapping) dialog box, click Finish.
  10. If everything went correctly you should see a success dialog box. Click OK. Click OK
  11. Click Edit Service. Click Edit Service
  12. Click ON for everyone.
  13. Click Save. Click ON for everyone
  14. From the Google Admin Dashboard navigation bar, click the Apps icon. Organization Apps Button
  15. Click More. Organization Apps More
  16. Right click the PagerTree application icon, and click Copy Link Address. Paste this into the PagerTree SSO Url field. Copy SSO Link Address
  17. In PagerTree, click the Save button. Save PagerTree Account Settings
Note: If you do not see the PagerTree application, you may need to logout and and then re-login to the Google Admin Application.

Okta

  1. Go to your Okta Admin Dashboard.
  2. Go to Applications.
  3. Click the Add Application button. Click Add Application Button
  4. Click the Create New App button. Click Create New App Button
  5. In the Create a New Application Integration dialog box:
    1. Platform - Web
    2. Sign on method - SAML 2.0
    3. Click Create Select Web and SAML
  6. Step 1 (General Settings)
    1. App Name - PagerTree
    2. App Logo - icon
    3. Click Next. Step 1 (General Settings)
  7. Step 2 (Configure SAML)
    1. Single sign on URL - paste the PagerTree ACS Url.
    2. Use this for Recipient URL and Destination URL** - checked
    3. Audience URI (SP Entity ID) - paste the PagerTree ACS Url
    4. Name ID format - EmailAddress
    5. Application username - Okta username SAML Settings
    6. Click Next. Click Next Button
  8. Step 3 (Feedback)
    1. Are you a customer or partner - I’m an Okta customer adding an internal app
    2. App type - This is an internal app that we have created
    3. Click Finish. Step 3 (Feedback)
  9. Click the View Setup Instructions button. Click View Setup Instructions Okta SAML Parameters
    1. Copy the Okta Identity Provider Single Sign-On URL and paste it in the PagerTree SSO Url Field.
    2. Copy the Okta Identity Provider Issuer and paste it in the PagerTree Entity ID field.
    3. Copy the Okta X.509 Certificate and paste it in the PagerTree X.509 Certificate field.
  10. In PagerTree, click the Save button. Save PagerTree Account Settings
  11. In Okta, assign users by clicking the Assignments tab. Click Assignments Tab
  12. Click Assign -> Assign to Groups. Click Assignments Tab
  13. Assign the appropriate groups, by clicking the Assign button, who should have access to PagerTree. Assign Groups
  14. Click Done.

OneLogin

  1. Go to your Admin Dashboard.
  2. From the navigation go to Apps.
  3. Click the ADD APP button. Click Add App
  4. On the Find Applications page:
    1. Search “OneLogin SAML
    2. Click the OneLogin SAML Test (IdP) w/ NameID (unspecified) Search OneLogin SAML
  5. On the Configuration page:
    1. Display Name - PagerTree
    2. Rectangular Icon - icon
    3. Square Icon - icon
    4. Click SAVE. Application Settings
  6. Click the Configuration Tab.
    1. SAML Consumer Url - paste the PagerTree ACS Url
    2. SAML Audience - paste the PagerTree ACS Url
    3. ACS URL Validator - paste the PagerTree ACS Url Application Details
  7. Click the SSO Tab.
    1. SAML Signature Algorithm - SHA-256
    2. Copy the SAML 2.0 Endpoint (HTTP) and paste it in the PagerTree SSO Url.
    3. Copy the Issuer URL and paste it in the PagerTree Entity ID. SSO Details
  8. In OneLogin, click SAVE. Click Save Button
  9. In OneLogin, navigate back to the SSO Tab.
    1. Under the X.509 Certificate section, click View Details. Click View Details
    2. Copy the OneLogin X.509 Certificate and paste it into the PagerTree X.509 Certificate field.
  10. In PagerTree, click the Save button. Save PagerTree Account Settings

Ping Identity (PingOne)

  1. Go to your Admin Dashboard.
  2. From the navigation go to Applications.
  3. Click Add Application -> New SAML Application. Add SAML Application
  4. Step 1 (Application Details):
    1. Application Name - PagerTree
    2. Application Description - On-Call. Simplified.
    3. Category - Productivity
    4. Graphics - icon Application Details
  5. Step 2 (Application Configuration):
    1. Assertion Consumer Service (ACS) - paste the PagerTree ACS Url
    2. Entity ID - paste the PagerTree ACS Url
    3. Click Continue to Next Step. Application Configuration
  6. Step 3 (SSO Attribute Mapping):
    1. Click Save & Publish.
  7. Step 4 (Review Settings):
    1. Copy the PingOne Initiate Single Sign-On (SSO) URL and paste it into the PagerTree SSO Url field.
    2. Copy the PingOne Single Sign-On (SSO) Relay State and paste it into the PagerTree Entity ID.
    3. Download the PingOne Signing Certificate. Open in a text editor. Copy and paste the contents into the PagerTree X.509 Certificate field. Review Settings Copy X.509 Certificate
    4. Click Finish.
  8. In PagerTree, click the Save button. Save PagerTree Account Settings

SAML 2.0

SAML is an XML standard for exchanging authentication data between parties. Using the SAML model PagerTree acts as the Service Provider (SP).

Requirements

PagerTree requires the SSO Url, Entity ID, and X.509 Certificate be provided.

  • SSO Url - The Url where users of your organization can login to the IdP application
  • Entity ID - The issuer
  • X.509 Certificate - Used for assertion verification (Public/Private Key)

SAML Attributes

Additionally your provider might have options for application details. You can use the following:

  • Version - 2.0
  • Assertion Consumer URL (ACS) - https://api.pagertree.com/public/saml/consume?sid=<account_id>
  • NameIDPolicy - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • Encryption - false