
Overview

Single Sign-On (SSO) allows your team to authenticate to the Yuno Dashboard using your organization’s identity provider (IdP). SSO centralizes access management, enforces your existing security policies, and eliminates the need for separate Yuno credentials. SSO is available on Enterprise plans. Contact your Yuno account manager to enable SSO for your organization.

Benefits

| Benefit | Description |
| --- | --- |
| Centralized access | Manage Yuno access through your existing IdP |
| Security enforcement | Apply your organization’s MFA, password, and session policies |
| Automated provisioning | Team members gain access automatically based on IdP group membership |
| Simplified onboarding | New team members log in with existing corporate credentials |
| Audit compliance | Authentication events flow through your IdP’s audit trail |

Supported Protocols

| Protocol | Standard | Use Case |
| --- | --- | --- |
| SAML 2.0 | XML-based assertion exchange | Enterprise IdPs (Okta, Azure AD, OneLogin) |
| OIDC | OAuth 2.0-based identity layer | Google Workspace, Auth0, custom IdPs |

Configuration Steps

  1. Navigate to SSO settings

     Go to Dashboard > Settings > SSO and click Configure SSO.

  2. Select protocol

     Choose SAML 2.0 or OIDC based on your identity provider’s capabilities.

  3. Enter identity provider details

     Provide the required configuration from your IdP.

     For SAML 2.0:

     | Field | Description | Example |
     | --- | --- | --- |
     | IdP Entity ID | Unique identifier for your IdP | https://idp.example.com/saml/metadata |
     | SSO URL | IdP login endpoint | https://idp.example.com/saml/sso |
     | Certificate | X.509 signing certificate (PEM format) | Upload or paste certificate |

     For OIDC:

     | Field | Description | Example |
     | --- | --- | --- |
     | Issuer URL | OIDC discovery endpoint | https://accounts.google.com |
     | Client ID | OAuth client identifier | abc123.apps.googleusercontent.com |
     | Client Secret | OAuth client secret | Stored securely by Yuno |

  4. Configure Yuno as a service provider

     Copy the values from the Service Provider Details panel in Yuno and add them to your IdP:

     | Value | Description |
     | --- | --- |
     | ACS URL | Assertion Consumer Service URL (SAML) or Redirect URI (OIDC) |
     | Entity ID | Yuno’s service provider identifier |
     | Metadata URL | SAML metadata endpoint for automatic configuration |

  5. Map attributes

     Configure attribute mapping between your IdP and Yuno. See Attribute Mapping.

  6. Test the connection

     Click Test SSO to initiate a test login flow. See Testing SSO.

  7. Enable SSO

     After a successful test, toggle SSO to Active. Team members will be redirected to your IdP on their next login.

Identity Provider Setup Examples

Okta

  1. In Okta Admin Console, go to Applications > Create App Integration
  2. Select SAML 2.0 and click Next
  3. Set Single sign-on URL to your Yuno ACS URL
  4. Set Audience URI to your Yuno Entity ID
  5. Configure attribute statements (see Attribute Mapping)
  6. Copy the IdP metadata URL and paste it in the Yuno SSO configuration

Azure AD

  1. In Azure Portal, go to Enterprise Applications > New Application > Create your own
  2. Select Integrate any other application and create
  3. Go to Single sign-on > SAML
  4. Set Identifier (Entity ID) to your Yuno Entity ID
  5. Set Reply URL to your Yuno ACS URL
  6. Download the Federation Metadata XML and upload it to Yuno

Google Workspace

  1. In Google Admin Console, go to Apps > Web and mobile apps > Add App > Add custom SAML app
  2. Copy the SSO URL and Certificate from Google and enter them in Yuno
  3. Set ACS URL and Entity ID from Yuno’s Service Provider Details
  4. Configure attribute mapping for email and name

Attribute Mapping

Map your IdP attributes to Yuno user fields:
| Yuno Field | Required | Expected Value | Common IdP Attribute |
| --- | --- | --- | --- |
| email | Yes | User’s email address | user.email, mail, email |
| first_name | Yes | User’s first name | user.firstName, givenName |
| last_name | Yes | User’s last name | user.lastName, surname |
| role | No | Yuno Dashboard role | user.groups, memberOf (mapped) |

Team Role Mapping

Map IdP groups to Yuno Dashboard roles to automate access control:
| Yuno Role | Permissions | Typical IdP Group |
| --- | --- | --- |
| Admin | Full access: settings, keys, team, all features | yuno-admins |
| Developer | View and manage transactions, connections, routing | yuno-developers |
| Analyst | View insights, reports, and payment data | yuno-analysts |
| Viewer | Read-only access to payments and dashboard | yuno-viewers |

Configure role mapping in the SSO settings under Role Mapping. Users without a mapped group are assigned the Viewer role by default.
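Before enabling SSO, the attribute and role mappings from the two sections above can be checked against a directory export. This is an added example, not Yuno code: the export format, function names and sample users are constructed, the group names are the "Typical IdP Group" values, and because the page does not say which role wins when a user belongs to several mapped groups, that case is flagged rather than resolved.

```python
REQUIRED = ("email", "first_name", "last_name")   # fields marked Required above
GROUP_TO_ROLE = {                                 # "Typical IdP Group" column
    "yuno-admins": "Admin", "yuno-developers": "Developer",
    "yuno-analysts": "Analyst", "yuno-viewers": "Viewer",
}
DEFAULT_ROLE = "Viewer"   # role given to users without a mapped group

# Constructed directory export: one dict per user, keys already renamed to Yuno fields.
SAMPLE_USERS = [
    {"email": "ana@example.com", "first_name": "Ana", "last_name": "Ruiz",
     "groups": ["yuno-admins", "engineering"]},
    {"email": "bo@example.com", "first_name": "Bo", "last_name": "Chen",
     "groups": ["finance"]},
    {"email": "cy@example.com", "first_name": "Cy", "last_name": "",
     "groups": ["yuno-developers", "yuno-analysts"]},
]


def audit_user(user, allowed_domains):
    """Return (candidate_roles, findings) for one user."""
    findings = [f"missing required attribute: {f}"
                for f in REQUIRED if not str(user.get(f) or "").strip()]
    email = str(user.get("email") or "")
    domain = email.rpartition("@")[2].lower()
    if email and domain not in allowed_domains:
        findings.append(f"email domain not allowed: {domain}")
    roles = sorted({GROUP_TO_ROLE[g] for g in user.get("groups", [])
                    if g in GROUP_TO_ROLE})
    if not roles:
        roles = [DEFAULT_ROLE]
        findings.append("no mapped group: falls back to Viewer")
    elif len(roles) > 1:
        findings.append("several mapped groups: resulting role is ambiguous")
    if "Admin" in roles:
        findings.append("Admin access: confirm this is intended")
    return roles, findings


def audit(users, allowed_domains):
    """Audit every user; keys are email addresses."""
    return {u.get("email") or "<no email>": audit_user(u, allowed_domains)
            for u in users}
```

Run it with the set of email domains on your allowed list, and compare the output with what the Test SSO screen reports for the same accounts.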

Testing SSO Configuration

  1. Click Test SSO

     In the SSO configuration page, click Test SSO. A new browser window opens with your IdP’s login page.

  2. Authenticate with your IdP

     Log in using your IdP credentials. After authentication, you are redirected back to Yuno.

  3. Review test results

     Yuno displays the attributes received from your IdP. Verify that email, name, and role are mapped correctly.

Do not enable SSO for your organization until you have completed a successful test. A misconfigured SSO setup can lock team members out of the Dashboard.

Troubleshooting

| Issue | Cause | Resolution |
| --- | --- | --- |
| “Invalid SAML response” | Certificate mismatch or expired certificate | Re-upload the current IdP signing certificate in Yuno |
| User redirected to IdP but login fails | ACS URL or Entity ID mismatch | Verify the ACS URL and Entity ID match exactly between Yuno and your IdP |
| User authenticated but receives “Access Denied” | Email domain not allowed or role not mapped | Check that the user’s email domain is in your allowed list and their IdP group maps to a Yuno role |
| SSO works but users get Viewer role | Role mapping not configured | Set up group-to-role mapping in SSO settings |
| “Clock skew” error | Server time difference between IdP and Yuno | Ensure your IdP server clock is synchronized via NTP |

If you encounter issues not listed here, contact Yuno support with your SSO configuration details (redact secrets) and the error message. Include the IdP metadata URL and Yuno Entity ID for faster resolution.