Single Sign-on

Single sign-on (SSO) allows you to use your own provider of user account management, authentication, and authorization services to register and log in to Make

Make supports the following authentication standards and providers:

  • OAuth 2.0

  • SAML 2

  • Facebook

  • Google

You configure SSO for each of your organizations separately.

Warning

Double-check your SSO configuration before you click Save on the SSO settings page. When you click Save, Make enables SSO with the settings you provided. You will be logged out immediately. You won't be able to log in with your Make credentials anymore.

  1. Log in to Make.

  2. Select the organization for which you want to set up SSO and click Settings.

  3. Enter a Namespace. You can enter any text that describes your organization. Users will need to enter your organization's namespace on the SSO login page. Namespace must include only lowercase characters and dashes.

  4. Select an SSO type.

    • None - default option indicating that SSO is turned off.

    • Oauth2

    • SAML

  5. Fill in the protocol-specific information as described in the examples section of this article.

  6. Under SSO Options, select which teams new users who log in will become members of.

    Note

    if you do not select a default team, users logging in through SSO will not be able to access any data. This is because all types of data within Make must belong to a team. If a user does not belong to any teams, they cannot work with MakeRead more about teams.

  7. Click Save.

Make enables SSO with the settings you provided and logs you out immediately. You can now log in with your SSO provider credentials. At the same time, you receive an email with a one-time link, which you can click to disable SSO.

Important

When logging in using SSO for the first time, you must use an account which has the same email address as the account that you used to configure SSO. Make sure that you assign the same email address to the user in your identity provider.

Microsoft Azure supports both OAuth 2.0 and SAML 2. Perform the following steps to connect Make with Azure Active Directory.

  1. Log in to your Azure Portal and open Azure Active Directory.

  2. Open App registrations and click New registration.

  3. Give the registration a name.

  4. Fill in the Redirect URL.

    • Find the Redirect URL In Make > Organization > Settings after you select an SSO type.

  5. Click Register.

  6. Note down the Application (client) ID.

    • Paste this ID into your Make settings.

  7. Go to Certificates and secrets and click New client secret.

    • Paste the secret value into your Make settings.

  8. Go to Overview and click Endpoints.

    • Paste the OAuth 2.0 authorization endpoint (v2) into the Authorize URL field in Make settings.

    • Paste the OAuth 2.0 token endpoint (v2) into the Token URL field in Make settings.

  9. Paste the following into the User information URL in Make settings.

  10. In Make, set up Login scopes and Scopes separator:

    • Login scopes: openid, profile, email

    • Scopes separator: space

  11. In Make, paste the following into User information IML resolve. This tells Make how to map user information received from Azure to information in Make database.

    {"id":"{{id}}","email":"{{mail}}"}

Logging in using SSO

When Make is configured to use SSO, users don't use the default sign-in form. Instead, they use the dedicated SSO sign-in options.

  1. Go to https://www.make.com/en/login

  2. Click Sign in with SSO.

  3. Enter the namespace you chose for your organization.

  4. Log in using your identity provider and consent to Make's access to your user data.

The user is now logged in. If the user was not assigned to your organization before, the system creates a new users account for them and assigns them to the selected default team.

Note

If a user with the same email address already existed in the organization before you configure SSO, they will not have access to the organization's data. To solve this, delete the user from the organization and ask them to log in again using SSO.