Go to Mural
All Collections
Mural for Enterprises
SSO (single sign-on)
Business SSO

Business SSO

Quickly, easily, and securely grant members access to MURAL using SSO on your Business plan.
Brian Saladino avatar
Written by Brian Saladino. Updated over a week ago

To make it easy and secure for members of your Business plan to access MURAL, you might choose to implement SSO (single sign-on). SSO allows members to authenticate into MURAL with their company’s network credentials.

Note: If you’re on a MURAL Enterprise plan, refer to our Enterprise SSO article instead.

SSO works by forming a relationship between two parties: a SP (Service Provider) and an IdP (Identity Provider). In our case, MURAL is the SP. So, to configure SSO, you need to set up a connection between MURAL and an IdP so MURAL can accurately verify your collaborators’ identities.

There are a number of IdPs to choose from. Two of the most common IdPs are Microsoft Azure Active Discovery and Okta. Since these are widely used, we offer dedicated integrations to set up SSO if you’re using either of these IdPs.

To use Azure Active Discovery as an Identity Provider, install our Azure connector. Then, follow the Azure instructions. When instructed to configure MURAL, refer to the Email IdP data to MURAL support section of this article.

To use Okta as an Identity Provider, install our Okta connector. Then, follow the Okta instructions. When instructed to configure MURAL, refer to the Email IdP data to MURAL support section of this article.

If you’re using an IdP not mentioned above, this article walks you through how to set yours up.

Note: The following steps cover approximately half of the required configuration for an SP-initiated flow. At the end of this article, you’ll be instructed to contact support@mural.co to complete the configuration.

Contents

Download MURAL’s metadata

Configuring SSO is an exchange of information between MURAL and your IdP. We provide all the information you need from MURAL in a metadata file. You can download the file here.

Configure the IdP

With MURAL’s metadata in hand, you can now configure your IdP. Each IdP requires different information, and the steps to input that information also vary. Still, you’ll find everything you need in the metadata file you just downloaded. Most IdPs require these common values:

Within your IdP, you also need to configure a few specific attributes for SSO to work properly with MURAL. The required attributes are:

  • Name ID (must be formatted as an email address).

  • Email.

  • First Name.

  • Last Name.

You can also configure these optional attributes with your IdP:

  • Avatar: Assigns a collaborator’s picture to their MURAL account, if available.

  • External ID: A unique identifier in your user directory that wouldn't change even if the user's email changes. For example, an employee identification number would be a unique identifier.

If you need help at any point during this step, refer to your IdP’s documentation.

Download IdP metadata

Once you finish configuring your IdP, you should have the option of downloading a version of their metadata in an XML file. This serves the same purpose as the metadata you downloaded from MURAL, except now you’re going to share this metadata file with MURAL support so they can add it to your MURAL account.

Remember, every IdP is different. So, if you need help downloading the IdP’s metadata, refer to their documentation. And once you have the metadata, move on to the next section.

Email IdP data to MURAL support

The next step is to configure MURAL so it recognizes information from your IdP. MURAL support will complete this step. All you have to do is send an email to support@mural.co with the following information:

  • The IdP metadata file (downloaded in the previous section).

  • Attributes for Email, First name, and Last name (as configured with your IdP above).

  • Domains of your organization to trigger the SSO login flow (for example @businessname.com).

  • Attributes for Avatar and External ID (optional).

With this configuration complete, your collaborators will no longer have to enter a MURAL-specific login. Instead, they can log in using their existing company credentials.

Note: Keep in mind that collaborators in a MURAL Business plan must be invited into the main workspace by the workspace administrator in order to access MURAL. This differs from a MURAL Enterprise plan, which allows company administrators to set up default workspaces collaborators can access automatically. For information on inviting collaborators, see our inviting collaborators to a workspace article.

Did this answer your question?