SAML configuration
Parkable integration on Okta https://www.okta.com/integrations/parkable/
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorisation data between parties. SAML for single sign-on (SSO) makes it possible for your users to authenticate through your company's identity provider (IDP) when they log in to Parkable. Parkable only supports SP initiated login.
Note that SAML will only apply to user accounts on one of your verified domains. Domain verification can be completed at any time independently of the SAML configuration and you may add more than one domain if required. Please see the Domain verification guide for information.
Before you begin
Before configuring SAML single sign-on, create a Parkable account that you can use to access your organisation even if SAML has been mis-configured.
This account:
Must not use an email address from a domain you have configured for this organisation. This ensures that the account will not redirect to SAML single sign-on when you log in.
Must be given organisation admin access.
Consider this account as temporary, you'll be able to remove admin access from it when you are satisfied that SAML single sign-on is working as expected for your users.
Set up SAML single sign-on
This section describes how to set up SAML single sign-on.
Note that during the time it takes to configure SAML single sign-on, users won't be able to log in to Parkable. Consider scheduling a day and time for the changeover to SAML and alerting your users in advance.
Copy details from your identity provider to your Parkable organisation
From your organisation at account.parkable.com, select members from the top bar and then SSO from the left. Navigate to the .
Click the ‘Enable SAML’ toggle.
Enter the domain you wish to enable SAML for. Emails from this domain will need be required to log in using SAML.
Copy your identity provider details to these fields:
Field | Description |
|---|---|
Issuer | This value is the URL for the identity provider where your product will accept authentication requests. |
Single sign-on (SSO) URL | This value defines the URL your users will be redirected to when logging in. |
x.509 Certificate | This value begins with '-----BEGIN CERTIFICATE-----'.This certificate contains the public key we'll use to verify that your identity provider has issued all received SAML authentication requests. |
5. Click Save.
Copy details from your Parkable organisation to your identity provider
There first two fields in the image below must be copied directly to your IDP. The mapped attributes will require configuration as per you IDP platform instructions.
Parkable uses email addresses as user names
Test SAML sign-on for your Parkable organisation
Your SAML configuration applies as soon as you click Save.
Note: Parkable only supports Service provider initiated login. This means that users need to browse to https://account.parkable.com to log in.
Because we don't log out your users, use these steps to test SAML configuration while still making adjustments:
Open a new incognito window in your browser.
Log in with an email address from one of your verified domains.
Confirm you are signed in and have all the expected access.
If you experience a login error, use the Troubleshooting SAML single sign-on section below to make adjustments to your configuration and test again in your incognito window.
If you're unable to log in successfully, disable SAML by clicking the 'toggle labelled ‘SAML Enabled’ at the top of the window then re-save the configuration to ensure users can access your Parkable.
Remove SAML single sign-on
Before you remove the SAML single sign-on configuration, you should know that your users will need an Parkable account password to log in.
Users who had a password on their Parkable account before SAML single sign-on was enabled will use that to log in.
Users who joined after SAML single sign-on was enabled will need to reset their password for their Parkable account when they next log in.
To remove SAML single sign-on:
From your organisation at account.parkable.com, select Members and then the SAML tab.
Click the toggle to disable SAML and then click save.
We recommend that you also go to your identity provider and remove the SAML configuration for Parkable there.
Troubleshooting
If you can no longer log in, you will need to use the user you created above in the ‘Before you begin’ section.
Errors | Possible issues |
|---|---|
An error screen for your IdP. | You might have an issue with your identity provider configuration, e.g. a user may not be able to access the Parkable product from the IdP. Raise a ticket with your IT department. |
All <AudienceRestriction>s should contain the SAML RP entity ID. | The Service Provider Entity Id in the identity provider SAML configuration may be incorrect. Verify that you're using the correct Entity Id and try again. |
The popup displays an error about not being able to find the site, or you are seeing an unexpected site in the popup window | The SAML URL has been misconfigured in your Identity provider. Please check all details match those show in the SAML tab of your organisation at account.parkable.com |
‘Unable to process request due to initial missing state. This may happen in browser sessionStorage is inaccessable or accidentally cleared. | parkable does not support IDP initiated login. Browse to https://account.parkable.com to start the login process. |