Single Sign-On Configurations

Important:

• You need to subscribe to Katalon Platform Ultimate plan. See: TestOps Trial Plans.

Configure an identity provider

To generate metadata for SSO configuration in Katalon TestOps, you need to set up an identity provider as follows:

• Single sign-on SSO URL: https://sso.katalon.io/saml/SSO
• SP Entity ID: com:katalon:testops
• Attribute statement: Email

Note:

• The values for the above configurations are case-sensitive.

Your metadata is then automatically encrypted in the Katalon database. To learn more about the identity provider, you can refer to this Okta document: Identity Providers.

Configure Single Sign-On

Important:

• You must be an Owner or Admin of an Organization.

• You have configured a Subdomain. See Configure a Subdomain for an Organization.

• You have configured an identity provider for SSO in Katalon TestOps, see above: Configure identity provider.

As an Owner or Admin, you can configure SSO by following these steps:

1. Sign in to Katalon TestOps.
2. Go to Settings > Organization Management.
3. Select Security Settings on the left bar, then scroll down to the Custom Domain and SSO (Single Sign-On) section.
   
4. Toggled on Enable SSO.

   Metadata text box appears.

   
5. Enter the metadata from the configured identity provider.
   Tip: You can find your metadata SSO settings in the documentation or by contacting your administrator.
6. Click Update.

You have successfully set up your SSO Settings.

Enable SSO for new members and existing members

After configuring SSO, you can enable SSO for new members when inviting them to your Organization.

You can also enable SSO for the existing members of your Organization. To learn more about user management in TestOps, refer to this guide: User Management.

For a new User

To enable SSO for a new User, follow these steps:

1. Go to Settings > User Management.

   The User Management page appears.

2. On the top-right corner of the User Management page, click on the Invite User button.

   
   
   

3. In the displayed User Invitation window, insert the new User's email address.

   
   
   

4. In the Login Settings section, toggle on the Log in to [custom.katalon.io] by Single Sign-On option.

   
   
   

   Note:

   • You can choose to select or deselect both options.

5. Click Next to continue the User invitation process as usual.

Once the User invitation process is completed, an email is sent to the User asking them to join the Organization. After the User joins the Organization, they will receive a request email to enable SSO.

For an existing User

To enable SSO for an existing User, follow these steps:

1. Go to Settings > User Management.

   The User Management page appears.

2. In the Active Users tab, nagivate to a User's row, click on the more options icon, and select Edit Login Options.

   
   
   

3. In the new Login Settings pop-up, toggle on the Log in to [custom.katalon.io] by Single Sign-On option.

   
   
   

   Note:

   • You can choose to select or deselect both options.

   If the selected User already has a pending SSO invitation, the pop-up will display the invitation link. You can copy this link to send to the User.

   
   
   

4. Click Save to complete the configuration.

   A request email is then sent to the selected User.

Note:

• Users must join the Organization to log in to the custom domain by either SSO or username and password.

View Pending SSO invitations

To view the pending invitations and SSO requests, in the User Management page, switch to the Pending Invitation tab.

Users with pending SSO invitations are tagged with the SSO icon.

Revoke pending SSO invitations

As an Owner or Admin, you can revoke pending SSO invitations.

For existing Users

To revoke pending SSO invitation for Users who join the Organization, follow these steps:

1. In the User Management page, switch to the Active Users tab.

2. In the Active Users tab, nagivate to the desired User's row, click on the more options icon, and select Edit Login Options.

   
   
   

3. In the new Login Settings pop-up, toggle off the Log in to [custom.katalon.io] by Single Sign-On option.

   
   
   

For new Users

To revoke pending SSO invitations for Users who have not joined the Organization, follow these steps:

1. In the User Management page, switch to the Pending Invitation tab.

2. Select the Users with SSO invitations that you want to revoke, then click on the Revoke SSO button.

   
   
   

3. In the Revoke Single Sign-On Invitation pop-up, verify the list of selected Users and click on the Revoke SSO button.

   
   
   

The SSO invitation links sent to the selected Users will be revoked.

Activate SSO in Katalon Studio

After configuring SSO in Katalon TestOps, you must reactivate Katalon Studio to enable SSO.

Follow these steps:

1. Open Katalon Studio.

2. Click on the Profile icon at the top right corner, and select Deactivate.

   The Katalon Studio Activation box appears as below.

   
   
   

3. Fill in the required information.

   • Server URL: enter the Subdomain you have configured (e.g., https://techwrite.katalon.io).

   • Email: enter your registered Katalon account.

   • Password: enter an API key generated in Katalon TestOps. See: API Keys.

Enable SSO as a User

Note:

• If you are a new User, you must first accept the invitation to join an Organization. Then you will receive the SSO request email.

To enable SSO, follow these steps:

1. Go to your email and find the [Katalon TestOps] Verify Single Sign-On (SSO) authentication email, then click Click here to confirm in the email.

   You will be directed to Katalon TestOps and see the below message.

   
   
   

2. Check the information, then click Yes, enable SSO to confirm.

   After accepting the SSO request, you are automatically navigated to the Subdomain.

   
   
   

3. Click Sign in using SSO.