Skip to main content

Single Sign-On Configurations

Katalon Platform offers users the Ultimate Plan to manage logins with Single Sign-On (SSO) for a more personalized and secure connection. This guide shows how to set up SSO for your enterprise connection.

Important:

Configure an identity provider (IdP)

To configure SSO in Katalon TestOps, you need to generate metadata by setting up an identity provider (IdP).

Katalon supports all SAML IdPs that conform to the SAML 2.0 protocol. You can refer to these 3 platform to configure your IdP:
  • Okta. To learn more about Okta, see: Okta.
  • Auth0. To learn more about Auth0, see: Auth0.
  • Ping. To learn more about Ping, see: Ping.

To set up the IdP, input the bellow values into your IdP settings. Refer to the guidelines provided by the specific platform or IdP service you are integrating with for detailed instructions.

  • Single sign-on SSO URL: https://login.katalon.com/realms/katalon/broker/{custom-domain}/endpoint
  • SP Entity ID: https://login.katalon.com/realms/katalon/broker/{custom-domain}/endpoint
  • Attribute statement: Email
Note:
  • The values for the above configurations are case-sensitive.

  • {custom-domain} is your Custom domain that you have configured. See: Subdomain Configurations.

Metadata of the IdP is usually represented in the form of an XML file and typically provided by the IdP itself. Your metadata is then automatically encrypted in the Katalon database.

Configure Single Sign-On

Important:

As an Owner or Admin, you can configure SSO by following these steps:

  1. Sign in to TestOps Admin.
  2. On the Account admin page, select the Security section on the left bar.
    Security Settings
  3. The Security Settings page displays. Scroll down to the Custom Domain and SSO (Single Sign-On) section.
    Custom Domain and SSO
  4. Toggled on Enable SSO.

    The metadata information text box appears.

    Enable SSO
  5. Enter the metadata from your identity provider.
  6. Click Update.

Once you have successfully set up your SSO Settings, the login settings for all existing users is set to enable login with SSO and disable login with username/password by default.

Enable SSO for new users and existing users

After configuring SSO, you can enable SSO for new users when inviting them to your Organization.

You can also edit the login settings for the existing users of your Organization.

To learn more about User Management in TestOps, refer to this guide: User Management.

For a new user

To enable SSO for a new user, follow these steps:

  1. Go to your Organization, select Users section.
    The User Management page appears.Users page
  2. On the top-right corner of the User Management page, click on the Invite User button.
    User Management page
  3. In the displayed Invite Users to Organization window, insert the new user's email address.
    Invite users windows
  4. In the Login Settings section, toggle on the Log in to [yourcustomdomain.katalon.com] by Single Sign-On option.
    You can select both options, then users can log in to the custom domain by both SSO and username and password.Login Settings
  5. Click next to continue the user invitation process as usual.
An invitation email to join the Organization is sent to the user first. Once the user joins the Organization, they will receive a request email to enable SSO. See: Enable SSO as a user.

Users now can log in to the custom domain with SSO.

For an existing user

To enable SSO for an existing user, follow these steps:

  1. Go to your Organization, select Users section.
    The User Management page appears.Users page
  2. In the Active Users tab, navigate to a user's row, click on the three dots icon, and select Edit Login Options.
    Invite user windows
  3. In the Login Settings dialog, toggle on the Log in to [yourcustomdomain.katalon.io] by Single Sign-On option.
    You can select both options, then users can log in to the custom domain by both SSO and username and password.Login Settings dialog
    1. If the selected user already has a pending SSO invitation, the pop-up will display the invitation link. You can copy this link to send to the user.
      SSO toggle turned on

  4. Click Save to complete the configuration.

A request email is then sent to the selected user. To learn how to enable SSO as a user, see: Enable SSO as a user.

Users now can log in to the custom domain with SSO.

View SSO invitation status

To view the SSO invitation status, go to User Management > Active Users.

SSO signal

Users are tagged with the SSO icon.
  • Green SSO tag: This user has enabled SSO as they have accepted the SSO request.

  • Grey SSO tag: This user has not enabled SSO as they have not yet responded to the SSO request.

Enable SSO as a user

If you are a new user, you must first accept the invitation to join an Organization. Then you will receive the SSO request email.

Follow these steps to accept the request to enable SSO.

  1. Go to your email and find the [Katalon TestOps] Verify Single Sign-On (SSO) authentication email, then click Click here to confirm in the email.

    You will be redirected to Katalon TestOps and see the below request.

    SSO request
  2. Double check the information then click Yes, enable SSO to confirm your action.
After accepting the SSO request, you are automatically navigated to your Subdomain.

Log in to Katalon Studio with SSO

After configuring SSO in Katalon TestOps, follow these steps to log in to Katalon Studio by SSO.
  1. Open your Katalon Studio. The Welcome to Katalon Studio dialog appears. Select Log in from Browser.
    Studio login dialogs
  2. You are redirected to Katalon login page. Select Log in with SSO.
    universal login page
  3. Enter your custom domain, then click Continue.
  4. Depending on the login option set by your Owner or Admin, log in either with SSO or with your username and password, then click Log in.
    Note:
    • You can only use the login option that is set by your Owner or Admin.
Once you log in successfully, you are redirected back to your Katalon Studio.

Revoke pending SSO invitations

As an Owner or Admin of your Organization, you can revoke pending SSO invitations.

For new users

To revoke pending SSO requests for users who have not joined the Organization, follow these steps:

  1. In the User Management page, switch to the Pending Invitation tab.
  2. Select the users with SSO invitations that you want to revoke, then click on the Revoke SSO button.
    user management page
  3. In the Revoke Single Sign-On Invitation dialog, double-check the list of selected users, then click on the Revoke SSO button to confirm.
    Revoke dialog
The SSO invitation links sent to the selected users will be revoked.

For existing users

To revoke pending SSO invitations for users who is already in your Organization, follow these steps:

  1. In the User Management page, switch to the Active Users tab.
  2. In the Active Users tab, navigate to the desired user's row, click on the three dots icon, and select Edit Login Options.
    Edit login option
  3. In the Login Settings dialog, toggle off the Log in to [yourcustomdomain.katalon.io] by Single Sign-On option.
    You can deselect both options, then the users cannot log in to the custom domain either by SSO or username and password.Login Settings dialog