Single sign-on (SSO) gives you to access the Similarweb platform through a number of popular identity providers (IdPs). With SSO, anyone in your organization given access to the Similarweb application within your IsP system will be able to join your account and access the Similarweb platform.
More control: Easily manage your team’s access, even as employees come and go. |
More security: Protect your account and keep your organization’s information secure. |
More value: Get the most out of your organization's Similarweb subscription with seamless access and fewer password issues. |
Note: SSO is a premium feature and is only available on certain packages or as an add-on. If you’d like to enable SSO on your Similarweb account, contact your Account Manager.
If SSO is already included in your subscription, follow the setup instructions below for your organization’s identity provider. You’ll need to be an admin of your Similarweb account, and have access to your IdP console.
-
Log in to your Similarweb account.
-
From the Login Management page within the Account module, click on the SSO tab.
-
Begin completing the fields on the in-platform form alongside the steps described below (depending on the identity provider supported below).
-
In your Okta administration console. From the left navigation panel go to Applications > Applications.
-
Click “Create App Integration”, in the dialog select “OIDC” and “Web application”. Then click “next”.
-
Fill out the form as per the example screenshot below:
-
Choose an appropriate name (e.g. Similarweb).
-
Under “Grant Type”, select “Authorization Code” and “Implicit(Hybrid)”
-
In Sign-in Redirect URIs, enter the following URL:
https://secure.similarweb.com/signin-<client_id>
<Will_fill_this_later> - will be replaced by your client ID later on in the setup process.
-
In Sign-out redirect URLs, enter the following URL:
https://secure.similarweb.com/signout-<client-id>
<client-id> - will be replaced by your client id on the later steps
-
Fill out the “Assignments” section according to your internal access policy - all users, users from particular group, etc. Then press “Save”.
-
-
On the next screen, you'll find Okta Domain, Client ID and Client Secret. Copy these, as you will need them in future steps.
-
Click “Edit” on General Settings and replace <client-id> with your Client ID from step 4. Uncheck “Require consent” in User Consent section.
Also, it may be possible to initiate login from both app and Okta. To initiate login URL, enter: https://secure.similarweb.com/account/login-<your_client_id>. Click “save”.
-
Complete any remaining fields within the SSO form on the Similarweb platform, and click “Update”.
-
A confirmation status should then appear. Once you see “approved” appear in green, this means the setup has been successful.
-
Enter your PingFederate administration console, and follow the below steps:
-
Click “Connections” in the left navigation panel.
-
Click “Applications” in the submenu.
-
Click “+” on the right of the “Applications” title.
-
-
On the “Add Application” screen, follow the steps below:
-
Define the application name (e.g. Similarweb).
-
Choose “OIDC Web Application” application type.
-
Similarweb’s icon can be downloaded from here.
-
Press the “Save” button.
-
-
An application overview should then open. First, define the required scopes, by clicking “Resources” (1) > “Edit” (2) button.
In the edit mode, please allow the OIDCs scopes: “profile” and “email”.
Note: In order for the integration to work, the tokens must have the user's email. By default we look for a claim named “email”. If for any reason you use a different email identifier, for example, UPN, please let us know.
-
Click on “Configuration” (1). Since the address definition uses "Client ID", it is recommended to copy it (2), and click “Edit” (3).
The supported response type is the “ID Token “ with the “Implicit” grant type.
-
Next, the “Application URLs":
-
“Redirect URL” format: https://secure.similarweb.com/signin-<client_id>The <client_id> should be replaced by the application’s client ID. In the example screenshot, the <client_id> is d44bef32-0c20-4c1a-9694-7fd805113939 so the “Redirect URL” in the picture is https://secure.similarweb.com/signin-d44bef32-0c20-4c1a-9694-7fd805113939.
-
Select “Client Secret Post” for the “Token Endpoint Authentication Method”.
-
“Inititate Login URL” format: https://secure.similarweb.com/login-<client_id>the <client_id> should be replaced by the application’s client ID.
-
“Signoff URL” format: https://secure.similarweb.com/signout-<client_id>the <client_id> should be replaced by the application’s client ID.
-
-
The “Configuration” should appear like the image below. Before saving and exiting the application settings (and enabling the application), take note of the below fields (marked in the image below in red):
-
Issuer
-
Client ID
-
Client Secret
You can encrypt and create an expired link for the Client Secret. You may use any service, for example:
https://password.link/ https://pwpush.com/ https://transfer.pw/ -
-
Complete any remaining fields within the SSO form on the Similarweb platform, and click “Update”.
-
A confirmation status should then appear. Once you see “approved” appear in green, this means the setup has been successful.
-
In your Auth0 administration console, follow these steps:
-
Click “Application” in the left navigation panel.
-
Click “Application” in the submenu.
-
Click “Create Application”.
-
-
On the next screen:
-
Define application name (e.g. Similarweb)
-
Select “Regular Web Application” application type
-
Click “Create”
-
-
A quick start step will then open. This must be skipped by clicking on the “Settings” (1) tab. Since the address definition uses the "Client ID", it is recommended to copy it (2).
-
Now, the application properties need to be defined:
-
Enter the URL https://similarweb.com/favicon.ico under “Application Logo”.
-
Ensure the “Application Type” selected is “Regular Web Application”.
-
Ensure the “Token Endpoint Authentication Method” is “Post”.
-
-
Next, the “Application URLs”:
-
"Application Login URL" format: https://secure.similarweb.com/login-<client_id> when the <client_id> needs to be replaced by the application’s client ID. In the application in the example, the <client_id> is GTQP8UYhENE2f3LutBIrzDJRqzFD8Lvn so the “Application Login URL” in the example is https://secure.similarweb.com/login-GTQP8UYhENE2f3LutBIrzDJRqzFD8Lvn
-
“Allowed Callback URLs” format: https://secure.similarweb.com/signin-<client_id>. Replace <client_id> with the application’s client ID.
-
"Allowed Logout URLs” format: https://secure.similarweb.com/signout-<client_id>. Replace <client_id> with the application’s client ID.
-
Enter the URL https://secure.similarweb.com at “Allowed Web Origins”.
-
Enter the URL https://secure.similarweb.com at “Allowed Origins (CORS)”.
-
-
“ID Token Expiration”, is the time users on your account will be logged in to Similarweb until prompted to reconnect, so set this time as you see fit.
-
For “Advanced Settings”, ensure the following “Grant Types” are ticked: “Implicit” and “Authorization Code”.
Note: In order for the integration to work, the tokens must have the user's email. By default we look for a claim named “email”. If for any reason you use a different email identifier, for example, UPN, please let us know.
-
Before saving and exiting the application settings, ensure you have the data required:
-
Domain
-
Client ID
-
Client Secret
-
-
You can encrypt and create an expired link for the Client Secret. You may use any service, for example:
https://password.link/ https://pwpush.com/ https://transfer.pw/ -
Complete any remaining fields within the SSO form on the Similarweb platform, and click “Update”.
-
A confirmation status should then appear. Once you see “approved” appear in green, this means the setup has been successful.
-
Enter your Azure Portal and click “Azure Active Directory”.
-
2. From the left navigation menu, go to “App registrations”.
-
Select “+ New registration”.
-
Add the application name of your choice (e.g Similarweb), select the directory that best suits your organization setup, for platform choose “Web”. Leave the redirect blank.
-
Select “Add a certificate or secret”.
-
Add “new client secret”.
-
Be sure to save the value for secrets somewhere. It cannot be restored later.
-
Copy Client ID from the overview page.
-
Go to the authentication page from the left navigation, choose “add a platform” and select “Web”.
-
Add the following URLs, replacing <your-client-id> with your own ID (step 8):
https://secure.similarweb.com/signin-<your-client-id> https://secure.similarweb.com/signout-<your-client-id> Then select the two checkboxes at the bottom (as seen in the image below), then click “Configure”.
-
Visit the “Token Configuration” page from the left navigation and click “Add optional claim”.
-
Under Token type, select “ID” and for the claim, tick “email”, then click “Add”.
-
From the overview page, click “endpoints” and copy the URL from “OpenId connect metadata document”. This will need to be sent to Similarweb.
-
From the overview page, select “Managed application in local directory”.
-
Click “1. Assign users and groups”.
-
Ensure users on your account have a valid email field, otherwise we will use the “preferred_username” claim for the sake of user identification. Without a valid email we will not be able to communicate with users via email.
-
Complete any remaining fields within the SSO form on the Similarweb platform, and click “Update”.
-
A confirmation status should then appear. Once you see “approved” appear in green, this means the setup has been successful.
-
Enter your OneLogin administrative console.
-
From the top navigation bar, click “Applications”.
-
Click “Add App” in the upper right corner.
-
Type “openid” in the search box and click enter. Then select “OpenId Connect (OIDC)”.
-
Enter a display name, for example “Similarweb Staging”. Then click the “Save” button at the top right corner.
-
On the next screen, click the SSO tab, and under “Token Endpoint” ensure the authentication method is set to POST, then copy the “Client ID” (you will this in future steps).
-
From the left navigation bar, click “Configuration”.
-
Add the below in the corresponding fields (use the Client ID from step 6). The URLs should look like: https://acme.com/something-2958b663-c0ed-4f01-819f-dfc7fd7cc7e7.
Login URL: https://secure.similarweb.com/account/login-<your_client_id>
Redirect URLs:
https://local-secure.sandbox.similarweb.com/signin-<your_client_id> https://secure.similarweb.com/signin-<your_client_id> PostLogout redirect:
https://local-secure.sandbox.similarweb.com/signout-<your_client_id> https://secure.similarweb.com/signout-<your_client_id> -
Complete any remaining fields within the SSO form on the Similarweb platform, and click “Update”.
-
A confirmation status should then appear. Once you see “approved” appear in green, this means the setup has been successful.
If you experience any issues during the installation process, please reach out to your account manager or contact our Support team.
Note: When contacting Support for assistance, please include the email of your account admin.
Comments
Article is closed for comments.