Marq offers SAML and SCIM integrations to Enterprise accounts so that admins can easily manage the users on their Marq teams using their IdPs.
Jump to a section:
|SAML > Overview|
|SAML > Downloading Marq Service Provider Metadata:|
|SAML > Adding IDP metadata to Marq and testing your SAML connection:|
|SAML > Get started|
|SCIM > Overview|
|SCIM > Get started|
Marq's SAML integration allows you to connect Marq to your IdP so that users on your account can quickly and securely authenticate through your IdP using SAML SSO. You can also configure your team's settings so that users are automatically created in Marq when they sign in for the first time after they are assigned the Marq app in your IdP. Follow these general steps to configure SAML to your Enterprise account. Note that you will need admin privileges in both Marq and your IdP to set up the SAML integration.
- Add the Marq app to your IdP and download the corresponding (federation) metadata.
- In Marq, click Team > App Integration > SAML.
- Enter your Marq account domain. The SAML integration will use your domain to generate a Marq sign-in URL that you will supply to your IdP. A user may go directly to this URL to initiate SAML SSO. Make sure to just enter the domain, not the full URL. This must match the value that was specified in your IdP.
- Enter your Marq account domain in the ‘Domain’ field under the ‘Marq Sign in URL’ section. Be sure to enter the domain only, not a full URL. The SAML integration will use your domain to generate a Marq sign-in URL that you will supply to your identity provider. For example, if you were to enter 'acme.com' as your domain, the URL will be https://app.marq.com/saml/sso/acme.com. A user may go directly to this URL to initiate SAML single sign-on.
- Upload the metadata .xml file generated from your IdP to Marq.
Marq SAML integration is now complete. Your Marq account will support SAML single sign-on authentication through your identity provider.
For specific documentation on SAML, please see the following articles:
Downloading Marq Service Provider Metadata:
- In Marq, click Admin > App Integration > SAML.
- Enter what you intended to use as your IdP entity ID in the domain text box. The SAML integration will use your domain to generate a Marq sign-in URL that you will supply to your IdP. A user may go directly to this URL to initiate SAML SSO. Make sure to just enter the domain, not the full URL.
- Download the metadata in the bottom right-hand corner. (If your application uses OID naming conventions please click the OID checkbox before generating the metadata)
Setting Up a Marq SAML 2.0 connection in your IDP:
|SP identifier/entityID/audience restriction:||marq.com|
|ACS/Reply URL primary Index = 0:||https://marq.com/saml/sso/<yourdomain>|
|ACS/Reply URL secondary Index =1: (this is only needed for accounts that use federated SAML metadata)||https://www.marq.com/saml/sso/<yourdomain>|
|SSO Service Binding:||We default to POST, but can work with REDIRECT (please contact us if you are using REDIRECT)|
|nameID:||We prefer working with email, but can work with other values|
|Accepted naming convention||OID naming convention|
Adding IDP metadata to Marq and testing your SAML connection:
- Upload your metadata to Marq at the SAML configuration in the Marq admin panel (we only accept XML files, so you may need to convert your text to an XML file)
- Once the metadata is uploaded you can use the Test SAML Connection button below the populated metadata to run a simulated SP sign-on.
Marq's SCIM integration allows you to sync user information between Marq and your IdP, allowing you to make changes to users in your Marq account directly in your IdP. For specific documentation on SCIM, please see this article.
Here are some of the things that the SCIM integration allows you to do:
- Create users in your Marq account without them having to log in
- Update user attributes
- Provision and de-provision users
- Deactivate users, meaning they will no longer have a license, be able to log in, or have access to any projects
- Define licenses for users
Before you can configure SCIM with your Marq account, please ensure the following:
- You are on a Enterprise account with an up-to-date pricing plan
- Your account has auto-upgrades enabled. See the Licensing Setting article for instructions on how to adjust this setting
Follow these steps to configure SCIM for your Marq account:
- Add the Marq SCIM app to your IdP
- In Marq, navigate to Team > App Integration > SCIM
- Click “generate token.” Doing so will generate a unique token to be shared between Marq and your IdP. This bearer token will be used to authenticate requests. Copy this bearer token to your clipboard.
- Configure your IdP to use SCIM with the bearer token and base URL provided by Marq.
Ready to get started? Choose your SAML/SCIM provider below for more instructions.