You can configure Testsigma to allow Single Sign On(SSO) for your users. This way, they do not have to provide separate login credentials for Testsigma if they already have SSO configured in their organization. The authentication of the user is done by any SAML provider you configure on your side and the user attributes like Email address are sent back to Testsigma.


Here are a few entities that you need to be aware of before we move onto the details:

A user

The person requesting access to the service. In this case, Testsigma App

A service provider

The application providing the service or protecting the resource. In this case, Testsigma SSO Login

An identity provider

The service/ repository that manages the user information. It may be Okta, Onelogin, Azure AD, or an in-house IdP/IAM Implementation


Enabling SSO in Testsigma

Navigation: Configuration > Security


The security page looks as shown below:


Clicking on the Set up button takes us to the Identity Provider(IdP) selection page. You have two options here:

I. Google SSO

II. SAML


I. Google SSO

Using the Google SSO is very simple. If you have G-Suite enabled for your Testsigma Account login credentials, you can just select the 'Google' option and click on Confirm button. This will enable the Google SSO for Testsigma and the next time you are logging in, you would  need to use the Google Account to log into Testsigma.


Note: If you are currently not logged into your Google Account, this option would be disabled. Please click on the link to log into Google first.


II. SAML

You can use this option If your organization uses Identity Providers such as Okta, Onelogin, Azure AD e.t.c or an in-house implementation of Single Sign On Provider(IAM).


Click on the SAML radio button to select the SAML login option. You would need to enter the following details in Testsigma to use the SAML option:

Entity ID: Entity ID is usually a URL or other identifier given by the Service Provider (SP) that uniquely identifies it. It's often part of a metadata file (an XML file with a certificate, entity ID, and endpoint URLs). You would get this from the IP (Okta, Onelogin e.t.c).


SSO URL: The user gets redirected to this URL when they select the SAML SSO Login in Testsigma. Enter the following value here:

https://app.testsigma.com/login


SAML Certificate: SHA-256 certificate provided by the Identity provider that Testsigma uses to validate the authenticity of the Identity provider.


Obtaining the Configuration details from IdP(Okta, Onelogin e.t.c)


Okta as IdP

You can add Testsigma app in Okta using the steps below:

1. Log into Developer/Admin console of your Okta account. You will find the dashboard as shown below:


2. Click on the Applications menu and then click on 'Add Application' button. The Create your Application page shows a wizard with 2 steps. 

3. Select your Application type there - Web and click on Next button.

4. In the Application Settings page that opens up



1. Log in to your Okta account and search for "Testsigma" under Add applications

2. Enter your Testsigma site name in the Subdomain field and click Done.

3. Click 'View Setup Instructions' under the Sign On tab to get the Login URL, SAML Certificate

These are required and need to be pasted in your Testsigma User Interface while enabling SAML.


OneLogin as IdP

You can add Testsigma app in Onelogin using the steps below:

1. Log in to your Onelogin account and search for "Testsigma" under Add Apps. Click Save after selecting the Testsigma app.

2. Enter your Testsigma site name in the Testsigma subdomain field under Configuration tab and click Save.

3. Go to the SSO tab and get the SAML 2.0 Endpoint (Login URL) and X.509 Certificate (SAML certificate)

These are required and need to be pasted in your Testsigma User Interface while enabling SAML.


Azure AD as IdP

You can add Testsigma app in Microsoft's Azure Active Directory using the steps below:

1. Sign into your Microsoft Azure site(through portal.azure.com).

2. Go to Azure Active Directory> Enterprise applications> New application> Non-gallery application and add an application by naming it as "Testsigma".

3. Now, go to the newly created Testsigma application and select Single sign-on found on the left pane and select SAML.


Click edit against the Basic SAML Configuration section and enter

https://acme.chargebee.com - for Identifier(Entity ID) field

https://app.chargebee.com/saml/acme/acs - for Reply URL field. Replace acme with your Testsigma site name.

Scroll down to the Setup Testsigma section. Copy the Login URL and paste it in the field provided in Testsigma's SAML Configuration page.


In the SAML Signing Certificate section, Use the URL given against App Federation Metadata URL and copy the content present between the start and end tags of «X509Certificate». Paste it in Testsigma's SAML Certificate field.


Configure SAML in Chargebee

1. Login to Chargebee and navigate to Settings > Security > Single Sign-on > Setup.

2. Select SAML and click Confirm.

3. Paste the Login URL and the X.509 Certificate retrieved from the IdP.