For security reasons, your company may choose to use single sign-on (SSO). This is a unique authentication system that enables you to connect to several platforms using the same email address and password.
AB Tasty lets you implement SSO through SAML 2.0, an open-standard data format for exchanging authentication and authorization information. AB Tasty’s SSO feature allows you to secure your workspace and control your users’ access. All your team members can log in to AB Tasty using one set of sign-in credentials from existing authentication providers. SSO is an email-level feature that will apply across all projects and experiments.
When you use SSO, our platform automatically links AB Tasty to your professional portal.
Activating SSO in your AB Tasty account
Prerequisites:
- You can configure an Identity Provider (IP) for the AB Tasty service
- Your Identity Providers can communicate with AB Tasty – some Identity Providers are limited to internal communication, which blocks the use of SSO with AB Tasty
- AB Tasty only manages SP-initiated SSO, so please ensure your Identity Provider is compatible
To continue the SSO integration process on your account, please contact your CSM or Key Account Manager who will send you all the required details. After you have provided the required information, our support team will verify the SSO integration. Once the verification is done, we will enable SSO for your account(s). Our support team will be in contact with you throughout the whole process.
Logging in to the AB Tasty platform with SSO
New email invitation
When a new user is added to a customer account, they automatically receive an email. To log in to this account from the email, follow these steps:
- Click the Login button in the email – AB Tasty detects the domain of your address and automatically redirects you to your company portal
-
In the dedicated fields, enter your professional email address and password and click Login – if you have access to the AB Tasty platform, the test dashboard will be displayed
SSO login
Once SSO is enabled in AB Tasty, all users will have to log in via SSO.
Good to know 💡
Once SSO login is enabled on your account, the ability to log in with an email password will be disabled, meaning that you can no longer log in to your AB Tasty account by manually entering your password.
To sign in to your AB Tasty account using SSO, follow these steps:
- Go to the login page and click Login with SSO, or go directly to https://auth.abtasty.com/ssologin
- Enter your professional email address in the email field and click Sign-in
-
You’ll automatically be redirected to your provider to authenticate or, if you are already authenticated, you’ll be redirected to the AB Tasty platform
SSO: Okta SAML Integration Guidelines
Base settings
On your Okta account, go to the admin settings http://{your-workspace}-admin.okta.com
On the left panel, click on Applications > Applications, then Create App Integration
Create a new application integration by selecting SAML2.0, then go Next.
Create SAML Integration
-
General Settings
App name
AB Tasty App logo (optional)
https://www.abtasty.com/wp-content/uploads/2024/03/ABTasty_Marque_Blue_150.png -
Configure SAML
Single sign on URL
Please contact your CSM to get the URLs Audience URI (SP Entity ID):
Please contact your CSM to get the URLs *please use lowercase and replace space with hyphen. E.g. My Company Name = “my-company-name”.
Name ID format
EmailAddress
Application user name
Email
Attribute Statements (optional)
Name: mail
Value: user.email
-
Feedback
Finalize the last step following this configuration
Get metadata.xml file
-
SAML signing certificates
Go back to the App settings, then click on the Sign On tab and scroll down to the SAML Signing Certificates section.
👍 In case of a close expiration date of the certificate, please generate a new one and send the xml file to your support contact in order to update config.
Make sure the current certificate is Active, then click on Actions>View IdP metadata
Your metadata.xml file is created:- Save the file named yourcompany.xml
- Once the configuration is done, please send the metadata.xml file to your CSM along with testing credentials(a temporary user account, e.g.abtasty@yourdormain.com).
If you can’t create those testing credentials, ask your CSM to plan a screen-shared video call to activate the QA and login with SSO on your AB Tasty account.
-
User assignments
This section will allow access to abtasty-idp for a *single user or a group:
SSO: Microsoft Entra ID (former Azure Active Directory) SAML Integration Guidelines
Adding AB Tasty to your Microsoft Entra ID
Prerequisites:
If your organization uses Microsoft Entra ID to access applications, you can use it to sign in to AB Tasty as well. To create AB Tasty application to your Microsoft Entra ID tenant, you must have a Microsoft Entra ID account with one of the following permissions:
-
One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
To use Microsoft Entra ID to access AB Tasty, you first need to add it as a new SAML application within Microsoft Entra ID, then add the connection information for Microsoft Entra ID to AB Tasty.
Creating a new SAML application
-
Log in to your Microsoft Entra ID account with the required permissions.
-
On the home page, enter Enterprise applications in the search bar or left panel.
-
On the Enterprise Applications page, select + New Application.
-
In the Microsoft Entra ID Gallery, select + Create your own application.
-
In the Create your own app window, name your new app "AB Tasty".
-
Select Integrate any other application you don't find in the gallery (Non-gallery).
-
At the bottom of the window, select Create to create your new app.
Use the Overview page to finish setting up the application.
Configuring AB Tasty to use your Microsoft Entra ID SSO
-
On the Overview page select Single sign-on from the navigation menu, or click on Set up Single sign on card.
-
On the Single sign-on page, select SAML.
-
Go to the Basic SAML Configuration section and select Edit.
-
Fill these values in Microsoft Entra ID under Basic SAML Configuration
-
Use the Recipient URL provided by your dedicated CSM*
Identifier (Entity ID): Please contact your CSM to get the URLs Reply URL (Assertion Consumer Service URL): Please contact your CSM to get the URLs
Sign on URL (Optional): https://app2.abtasty.com/loginsso
Relay State (Optional): https://app2.abtasty.com/experiments
Logout Url (Optional): https://app2.abtasty.com/logout
-
Select Save to save these changes.
-
Go to the SAML Certificates section on the SAML-based Sign-on page. Download Federation Metadata XML.
*Please send the file to your dedicated CSM.
Users and groups
This section will allow users/group to access the new application on Microsoft Entra ID and/or login from AB Tasty login page* (https://app2.abtasty.com/ssologin).
*Please make sure all Microsoft Entra ID users authorized to login AB Tasty also have an AB Tasty account.
FAQ
How can I configure SSO?
Please contact your dedicated CSM or Key Account Manager to enable SSO on your account(s).
My company uses a custom SSO solution. Is AB Tasty compatible?
AB Tasty is compatible with any authentication solution as long as it’s a SAML 2.0. If you have any questions, please reach out to support@abtasty.com. We can help you with the integration process.
How long do SSO-based sessions last?
The SSO session will expire after 8 hours of inactivity.
Once the SSO is enabled, can my company’s users still sign in using an email password?
No. Once SSO is enabled on your account, the use of an email password will be disabled for all members of your organization.
Can I add external collaborators who don’t have SSO credentials to my SSO-enabled account?
Yes. External contributors such as partner agencies will remain able to log in using an email password, as long as they’re not using your company email address.
Can existing or new collaborators on my SSO-enabled account access the account if they don’t have SSO access through my company?
Only collaborators with SSO credentials with your organization can access your SSO-enabled account with their company email addresses.
Good to know 💡
To manage users’ access to your account(s), please read the following article. You will need to revoke a user’s access to your Identity Provider as well.
If SSO is disabled, how will the users access the account? Can they use their old email address and password?
Yes. Once SSO is disabled, users can input their email addresses and password to access their accounts.
Can users who have never set up a personal password use the Forgotten password?
Link to set one up. After this, they can use the email address and the new password to sign in to their account.
How do I log in to my non-SSO accounts?
You will be able to log in to your non-SSO accounts by entering your professional email address and password from the login page. Once connected to the AB Tasty platform, you can switch between any account you have access to (SSO-enabled or non-SSO-enabled).
My company has enabled SSO, but I cannot sign in using SSO from my email ID.
Verify that your email is added as a user in the AB Tasty account. If it is, and you are still unable to sign in, please contact support@abtasty.com.
How do I revoke a user’s access?
To revoke a user’s access in the AB Tasty platform, please read the following article. In addition, you will need to revoke the user’s access in your Identity Provider, too.