Setting up single sign-on with SAML

This guide helps IT technicians with the technical set-up of single sign-on for Plexus.

Written by Samantha Szadovszky
Updated over a week ago

This guide is intended for IT administrators requiring further assistance with the initial set up with SAML. If you use Microsoft Entra ID (SAML), OKTA or G-Suite, this guide is relevant to you.

Whilst this article provides the instructions for configuring single sign-on within Plexus, you may also like to open a separate tab for the help article describing the steps for Microsoft Entra ID (SAML), G-Suite or OKTA.


Select your single sign-on provider


Step 1. Head to the main menu option for Settings and then Account. Select the tab for Single sign-on.

Step 2. Select SAML from the Select a provider dropdown.


Configure your SAML settings


Your chosen SAML provider will have fields for a single sign-on URL and an Audience URI. Click Copy for each value and paste it directly into the related field in your single sign-on provider's set-up.

Refer to the specific instructions for pasting these fields into Microsoft Entra ID (SAML), Okta and Google Suite.

You will also have the option to Download signature certificate.

Clicking this button provides a certificate that you can upload to your SAML provider where it asks for a Signature Certificate or Verification Certificate (the wording depends on the provider). This step is optional.


Enter your domain details


The domain details section allows you to enter the domains that you would like to use to allow users to log into Plexus. Most organisations are likely to have a single domain. An example of this might be:

plexus.co 

Enter this into the "primary domain" field.

Note: Only one domain should be entered into the primary domain field.

If your website has a diverse range of email domains, you can enter your alternative domains below, separating each domain with a comma. For example:

plexus.co,plxs.com.au,legalgateway.com.au

When any user whose email contains these domains attempts to log into Plexus, they will be redirected to the log-in screen for your single sign-on provider.


Map the attributes


Given that there are a range of different SAML providers, we have provided generic app attributes for you to copy and paste into your single sign-on provider. These are:

Plexus app attributes

1. first_name → Storage of user's first name

2. last_name → Storage of user's last name

3. email → Logging in and sending communications

4. name → Used to address your user, e.g. “Good morning, Jane”

However, this guide goes into detail on the more specific attributes that you might like to refer to if you require further context. For example:

Google/G-Suite gives a list of headings for you to map these attributes to. Therefore, the attributes on your screen should read:

G-Suite

  1. Primary email → email

  2. First name → first_name

  3. Last name → last_name

  4. First name → name

For Microsoft Entra ID (SAML), the Plexus attributes are mapped to the available source attributes:

  • The Name first_name field will map to the Source attribute user.givenname

  • The Name last_name field will map to the Source Attribute user.surname

  • The Name email field will map to the Source Attribute user.mail

  • The Name name field will map to the Transformation field, Join (user.givenname, " ", user.surname)

And for OKTA, the Plexus attributes are mapped to the OKTA attributes, and so the attributes on your screen should read:

OKTA

  1. first_name → user.firstName

  2. last_name → user.lastName

  3. email → user.email

  4. name → user.displayName

Where your single sign-on provider requests a "Name Format", select the dropdown option for “Unspecified”.
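
A pre-flight check for the mapping above, as an added example that is not Plexus's own code: it parses the AttributeStatement from a test SAML response and reports missing Plexus attributes, a Name Format other than Unspecified, and an email outside the configured domains. The function names and the sample statement are constructed for illustration, the exact domain match is an assumption rather than documented Plexus behaviour, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
REQUIRED = ("first_name", "last_name", "email", "name")  # Plexus app attributes
# Domain list in the comma-separated form this guide uses.
DOMAINS = "plexus.co,plxs.com.au,legalgateway.com.au"


def build_statement(attrs, name_format=UNSPECIFIED):
    """Build a constructed AttributeStatement for testing (not real IdP output)."""
    root = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, value in attrs.items():
        attr = ET.SubElement(root, f"{{{SAML_NS}}}Attribute",
                             Name=name, NameFormat=name_format)
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


def check_statement(xml_text, domains=DOMAINS):
    """Return a list of mapping problems; an empty list means the mapping looks right."""
    allowed = {d.strip().lower() for d in domains.split(",") if d.strip()}
    root = ET.fromstring(xml_text)
    found, problems = {}, []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        value = attr.findtext(f"{{{SAML_NS}}}AttributeValue") or ""
        found[name] = value.strip()
        # A missing NameFormat defaults to "unspecified" in SAML 2.0.
        if attr.get("NameFormat", UNSPECIFIED) != UNSPECIFIED:
            problems.append(f"{name}: NameFormat is not Unspecified")
    for name in REQUIRED:
        if not found.get(name):
            problems.append(f"{name}: missing or empty")
    email = found.get("email", "")
    # Assumption: exact, case-insensitive match on the part after the last "@".
    if email and email.rpartition("@")[2].lower() not in allowed:
        problems.append("email: domain not in the configured domain list")
    return problems


if __name__ == "__main__":
    good = build_statement({"first_name": "Jane", "last_name": "Doe",
                            "email": "jane.doe@plexus.co", "name": "Jane Doe"})
    print(check_statement(good))  # []
```

Run it against the AttributeStatement from a test login before enabling SAML, so that a wrong source attribute shows up as a named problem rather than a failed sign-in.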


Finalise the configuration


To link everything up, take the single sign-on URL from Microsoft Entra ID, OKTA or G-Suite and paste it into the Plexus field for Identity provider single sign-on URL.

Your Microsoft Entra ID, Google or Okta single sign-on provider will also prompt you to download a certificate. Use the drag and drop field under the Upload certificate field to upload that file from Google, Microsoft Entra ID or Okta to Plexus.

Plexus will provide you with the details of the certificate and when it expires.

Note: Any user listed under Notifications will receive notifications as your certificate expiry date approaches and lapses.

Click Save at the top of the screen once you are done.


Enable your SAML set-up


Within Plexus you have an option to Enable or Disable your current SSO setup. Once your initial configuration is saved and you are ready to proceed, click the relevant button to the right of the screen to Enable SAML.

Refer to the guide on managing existing single sign-on configurations if you wish to modify these settings further.

Need further assistance? Reach out to [email protected] for further guidance.
