Enforce login type

Permissions required: Owner


Chartio currently supports three login types for users:

  • Chartio login
  • Google authentication
  • SAML (Azure, Okta, OneLogin)

To enforce a specific login type, select Settings from the top navigation. Find the Authentication section, adjust the setting as needed, and click Update to save your changes.

Disabling login methods will immediately affect logged in users, including you. Make sure you have recently logged in with one of the selected login methods before updating this for your organization.

Settings

Managing user logins

If you choose to enforce Google or SAML authentication only, a user whose Google/SAML account access is revoked may not lose access to Chartio immediately. If the user is currently logged in to Chartio at the time of their removal, their session may stay active for up to 7 days.


SAML and Permissions

Chartio supports Single Sign-on (SSO) using SAML.

Enforcing SSO login has many benefits for both you and your users. It allows users to log in to Chartio quickly and easily, and allows admins to manage their users from one centralized location.

If a user logs in to Chartio via SAML and had not previously been added to a Chartio team, they will be added to a team called SAML Added Users. If you grant permissions to this team, note that they will be shared with any new user who is auto-added to the team.

A user whose SAML account access is revoked may not lose access to Chartio immediately. If the user is currently logged in to Chartio at the time of their removal, their session may stay active for up to 7 days.

Azure

Add the Chartio app to Azure

From your Azure Dashboard, select Azure Active Directory from the far left navigation. Then, choose Enterprise applications from the Overview panel.

Click Enterprise applications in Azure

Next, click + New application.

Click + New application in Azure

In the Add your own app section, select Non-gallery application. Enter “Chartio” in the name field, then scroll down and click Add.

Add Chartio as an app

Add users to this application as needed. Steps for this are not shown as this is implementation dependent.

Obtain Azure SSO details

From the side panel, select Single sign-on, then choose SAML.

Azure

In the Basic SAML Configuration section(1), enter the following values:

Obtain the following values and keep them handy—you’ll need to configure them in Chartio in the next section.

  • Download the signing certificate (Base 64)(2). Open this file in a text editor.
  • Login URL
  • Azure AD Identifier

Once those 3 values are configured in Chartio in the next section, click Test(4) and follow instructions to test the integration.

Follow the intructions to test integration

Add Azure SAML settings to Chartio

Once you’ve added the Chartio application to Azure, you’ll need to add your SAML settings to your Chartio account.

Navigate to your organization settings page by selecting … > Settings from the top navigation. In the Organization tab, find the Authentication section and check the SAML checkbox. If you want your users to only log in via Azure, uncheck the other login types.

Enter the SSO settings from the Setup Instructions obtained in the previous step.

  • SAML entity ID: enter the Azure AD Identifier
  • SAML SSO URL: enter Login URL obtained from Azure
  • X.509 certificate: text value from signing certificate (Base 64) you downloaded from Azure

Okta

Add the Chartio app to Okta

From your Okta Dashboard, navigate to the Admin section and select Applications from the top navigation. Click Add Application.

Type Chartio into the search box, and click Add next to our application name.

Okta

Review the application settings, using the Next buttons to navigate through. Assign the application to your users as needed and click Done when finished.

Obtain Okta SSO details

Once the Chartio application has been saved to your Okta account, you’ll be redirected to the application’s settings page. If not, find it from your Dashboard.

Switch to the Sign On tab. Scroll down to the View Setup Instructions button and click it.

Keep this page handy - you’ll need this information in the next step.

Okta SAML

Add Okta SAML settings to Chartio

Once Chartio has enabled SAML login for your organization, you’ll need to add your SAML settings to your Chartio account.

Navigate to your organization settings page by selecting > Settings from the top navigation. In the Organization tab, find the Authentication section and check the SAML checkbox. If you want your users to only log in via Okta, uncheck the other login types.

Enter the SSO settings from the Setup Instructions obtained in the previous step.

Chartio SAML


OneLogin

Add the Chartio app to your OneLogin account

Go to your OneLogin admin console, and select Apps > Add Apps from the top navigation. Type Chartio into the search box, then click our app name.

OneLogin

A configuration panel for the Chartio app will appear. Find the Connectors section and change the Connector Version to SAML2.0. Click Save when finished.

Connectors

Obtain OneLogin SSO details

Once you click Save, you’ll be redirected to the Chartio app’s settings. Switch to the SSO tab and keep it handy - you’ll need this information in the next step.

Add OneLogin SAML settings to Chartio

Once Chartio has enabled SAML login for your organization, you’ll need to add your SAML settings to your Chartio account.

Navigate to your organization settings page by selecting > Settings from the top navigation. In the Organization tab, find the Authentication section and check the SAML checkbox. If you want your users to only log in via OneLogin, uncheck the other login types.

A form will appear. Enter the SSO settings you located in OneLogin in the previous step.

  • SAML entity ID: enter the Issuer URL from OneLogin
  • SAML SSO URL: enter the SAML 2.0 Endpoint from OneLogin
  • X.509 certificate: in OneLogin, click “View Details” below the certificate box and copy the certificate. Paste it here.

Single Sign On


Additional SAML Identity Providers

The following identity providers have not been tested by Chartio, but have been successfully configured by our customers:

  • Idaptive
  • Google
  • Rippling

To use one of the above providers, follow these basic setup instructions:

  1. Add Chartio as an application in the identity provider’s admin panel using the following settings:
  2. Obtain SSO details from the identity provider
    • SAML entity ID (also called Issuer URL)
    • SAML SSO URL (also called Endpoint URL, Login URL)
    • X.509 certificate (signing certificate)
  3. Add SAML details to Chartio (… > Settings > Authentication)

Two-factor Authentication (2FA)

Chartio does not support two-factor authentication directly but we recommend using Okta or OneLogin as a SAML provider instead. They both support 2FA and as a configuration option in Chartio, we can force users to login via one of these providers.