Single Sign On with Base

Single Sign On (SSO) with Base allows you to log into your Base account with just one click! SSO is available on the Enterprise Plan, and can be set up with any SAML 2.0 compliant Identity Provider. 

What are the benefits of SSO? 

Setting up Single Sign On for your Base account eliminates the need for you and your account's users to remember separate passwords for Base. As an administrator, SSO helps simplify identity management and increase security compliance with your organization's policies. 

If you're already using an Identity Provider such as Okta, OneLogin, or PingIdentity, setting up SSO with Base is straightforward. 

You can choose any SAML compliant Identity Provider with Base if you don't already have one set up. 

 

How do I set up SSO? 

Single Sign On can be turned on for your entire account from your Base Settings page. As long as you have admin access to Base, you can head to the Settings page in your account and choose the Single Sign On section. 

 

We'll display your Base account's UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL on this page. You'll need to enter the values from these fields into your Identity Provider.

You'll also need to bring over your Identity Provider's metadata into Base. Most Identity Providers will offer one URL that will bring over all this information - you can enter that into the Automatic Setup box to complete setup!

If your Identity Provider does not provide a single URL for configuration, you can use the Manual Setup fields to enter in their Issuer ID, SSO URL, and Certificate Fingerprint. 

Once entered, hit Save to complete setup!
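The three Manual Setup values can be read from the Identity Provider's SAML 2.0 metadata file, as in this added example (not code from Base or from any Identity Provider). The host idp.example.test, the dummy certificate bytes and the function names are assumptions; this page does not say which hash the Certificate Fingerprint field expects, so both SHA-1 and SHA-256 are returned.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder host, dummy base64 instead of real certs.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml/metadata">
 <md:IDPSSODescriptor
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>SktMTU5P</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>QUJDREVG
    R0hJ</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://idp.example.test/saml/sso"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

def fingerprint(der, algo):
    # Colon-separated uppercase hex digest of the DER certificate bytes.
    digest = algo(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def manual_setup_values(metadata_xml):
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # Skip encryption-only keys; no "use" attribute means signing as well.
    certs = [kd.find(".//ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"]
    certs = [c.text for c in certs if c is not None and (c.text or "").strip()]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(certs[0].split()))  # drop line wraps
    return {
        "issuer_id": root.get("entityID"),
        "sso_urls": {s.get("Binding"): s.get("Location")
                     for s in idp.findall("md:SingleSignOnService", NS)},
        "sha1": fingerprint(der, hashlib.sha1),
        "sha256": fingerprint(der, hashlib.sha256),
    }
```

Before saving, compare the fingerprint with the one your Identity Provider displays for its signing certificate.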

How will I log into Base once SSO is set up?

Though you'll still log into Base from our default login page, the experience will be a little different.

With SSO enabled, you and your Base account users will just need to enter in the email address registered to Base.

Base will automatically verify the email address against your Identity Provider - if you're already logged into your Identity Provider, you'll be automatically logged into Base!

If you're not already logged into your Identity Provider, you'll be taken to their login page to enter in login details. As soon as you're authenticated, you'll be brought back and automatically logged into Base. 

FAQ

Does SSO work on Base's mobile apps? 

Yes! Similar to the web, you'll just need to enter in your Base email address in order to begin the sign in process on your device. Depending on your device, we'll take you to your browser or your Identity Provider's app to complete sign in. 

Will I be able to log in without using SSO after setup?

If you're an Administrator on your Base account, you'll be able to select a "Log in with my Email and Password" option on the Base login page. All non-administrator users will need to use SSO to log in.

How do I change the email address registered to Base?

You'll need to be a Base Admin in order to change the email address registered to Base. Non-admin accounts will not be able to change the email address used to log in.

What are the SSO settings I'll need to know? 

| Parameter Name | Parameter Value | Comments |
| --- | --- | --- |
| Single Sign On URL | "Service Provider Assertion Consumer Service URL" value from Base settings | This is a custom URL for each Base account, based on UUID generated during SSO configuration. The same value should be used for Recipient URL and Destination URL if these are defined independently. |
| Audience Restriction | "Service Provider Issuer ID" value from Base settings | This is a custom URL for each Base account, based on UUID generated during SSO configuration. |
| NameID Format | EmailAddress | |
| Application Username | Email | |
| Response | Signed | |
| Assertion | Signed & Encrypted | |
| Signature Algorithm | RSA-SHA1 | |
| Digest Algorithm | SHA1 | |
| Single Log Out URL | | Leave this empty, as it is not supported by Base. |
| Default RelayState | | Leave this empty, as it is not supported by Base. |