PandaDoc - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for PandaDoc using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with PandaDoc, ensure you meet the following requirements:
To set up Multi-Pass with PandaDoc, ensure you meet the following requirements:
- PandaDoc admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in PandaDoc are registered in your IdP and have the necessary permissions to access PandaDoc.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
PandaDoc - SSO configuration
Step 1 - Configure PandaDoc (Service Provider)
- Log into PandaDoc as an Administrator.
- Click your profile image located in the lower-left corner to open Settings.
- Navigate to Single Sign-On.
- Select Enable Single Sign-On.
- Specify the company domain you are configuring SSO for and select Add domain name.
- Log into the Domain Manager for the applicable domain (e.g., GoDaddy, Cloudflare, Microsoft).
- Add a TXT Record:
- Host/Name: @
- Value: Select Copy Record in PandaDoc to obtain your unique value.
- TTL: Leave as default (e.g., 3600 seconds).
- Save the TXT Record.
- In PandaDoc under Company Domain, select Verify domains.
- In PandaDoc under Identity Provider, populate the records accordingly:
| Field | Value |
|---|---|
| Provider Link | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Signing Certificate | Browse to Locate the |
- Click Save Changes.
Step 2 - Configure Multi-Pass (Identity Provider)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications.
- Select SAML in the custom integration section.
- Populate the information based on the table below:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | https://pandadoc.com |
| Name | pandadoc |
| Description | PandaDoc SSO integration |
| Assertion Consumer Service URL | https://app.pandadoc.com/sso-acs/ |
| NameID Policy Format | email |
- Click Add integration
- Select Advanced Console
- Click Clients and search for PandaDoc
- Verify the different fields and tabs :
General settings (Multi-Pass)
| Setting | Value |
|---|---|
| Client ID | https://pandadoc.com |
| Name | pandadoc |
| Description | PandaDoc SSO Integration |
| Always Display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://app.pandadoc.com/sso-acs/ |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | email |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Go to the Keys tab and ensure both parameters are set to OFF.
- Go to the Advanced tab:
- Set Assertion Consumer Service POST Binding URL =
https://app.pandadoc.com/sso-acs/
- Set Assertion Consumer Service POST Binding URL =
Adding Mappers
- Click the Client scopes tab.
- Click the first option in the list.
- Select Configure a New Mapper
- Select User Attributes
- Create two User Attributes based on the tables below.
First Name Mapper
| Field | Value |
|---|---|
| Mapper type | User Attribute |
| Name | FirstName |
| User Attribute | firstName |
| Friendly Name | FirstName |
| SAML Attribute Name | FirstName |
| SAML Attribute NameFormat | Basic |
| Aggregate Attribute Values | OFF |
Last Name Mapper
| Field | Value |
|---|---|
| Mapper type | User Attribute |
| Name | LastName |
| User Attribute | lastName |
| Friendly Name | LastName |
| SAML Attribute Name | LastName |
| SAML Attribute NameFormat | Basic |
| Aggregate Attribute Values | OFF |
Related Articles
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple ...Pipedrive – SSO configuration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Pipedrive using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...