ABC-Plan Single Sign-On Setup Guide

How to configure enterprise Single Sign-On with ABC-Plan using your organization's identity provider.

Single Sign-On (SSO) Setup Guide

ABC-Plan supports enterprise Single Sign-On via SAML 2.0, allowing your organization to manage authentication through your existing identity provider. This guide will help your IT team configure SSO integration with ABC-Plan.

On this page:

Getting Started

Timeline

SSO setup typically takes 1–2 business days once we have all the required information:

Phase Duration Description
1. Preparation 30 minutes Your IT team gathers configuration details from your identity provider
2. Configuration Call 30 minutes Joint call with ABC-Plan operations to exchange settings and configure both systems
3. Testing 15 minutes Verify SSO login works with a test user
4. Rollout As needed Add remaining users to your identity provider's ABC-Plan application
5. Decommission As needed Notify ABC-Plan when users leave your organization or no longer need access
Who Should Participate

For a smooth setup, please include the following participants from your organization:

Role Responsibility Required?
IT Administrator Has admin access to your identity provider (e.g., Microsoft Entra ID, Okta) to create and configure the SAML application Required
ABC-Plan Admin Can manage users within your ABC-Plan organization Recommended
Test User Someone who will verify the SSO login works correctly Recommended
Before the Configuration Call

To make the most of our configuration call, please have the following ready:

  1. Admin access to your identity provider during the call
  2. Your email domain (e.g., yourcompany.com) — this tells ABC-Plan which users should be redirected to SSO
  3. A test user account that can be used to verify the configuration
  4. Review the Information We Need From You section below
Schedule a Call: Contact support@abc-plan.com to schedule your SSO configuration call. We'll walk through the setup together in real-time.

Supported Identity Providers

ABC-Plan supports any SAML 2.0 compliant identity provider, including:

  • Microsoft Entra ID (formerly Azure Active Directory)
  • Okta
  • OneLogin
  • Google Workspace
  • Ping Identity
  • Other SAML 2.0 providers

Information We Provide

You can use these values immediately when configuring your identity provider:

Item Value
Entity ID (Audience URI) https://abc-plan-prod.firebaseapp.com/
Callback URL (Reply URL / ACS URL) https://abc-plan-prod.firebaseapp.com/__/auth/handler
Note: These values are standard for all ABC-Plan production customers. You can enter them in your identity provider configuration right away—no need to wait for ABC-Plan to complete setup first.

Information We Need From You

To configure SSO for your organization, please provide the following information to your ABC-Plan contact:

Item Description Example (Microsoft Entra ID)
Entity ID Your identity provider's unique identifier Microsoft Entra Identifier
SSO URL The login URL where ABC-Plan will redirect users for authentication Login URL from Entra ID
Certificate The X.509 signing certificate from your identity provider (Base64 encoded) Download from Entra ID SAML configuration

Microsoft Entra ID Setup

If your organization uses Microsoft Entra ID (formerly Azure Active Directory), follow these steps:

Step 1: Create an Enterprise Application
  1. Sign in to the Microsoft Entra admin center
  2. Navigate to IdentityApplicationsEnterprise applications
  3. Click New applicationCreate your own application
  4. Name the application "ABC-Plan" and select Integrate any other application you don't find in the gallery (Non-gallery)
  5. Click Create
Step 2: Configure SAML Single Sign-On
  1. In your new application, go to Single sign-on and select SAML
  2. In the Basic SAML Configuration section, click Edit and enter:
    • Identifier (Entity ID): https://abc-plan-prod.firebaseapp.com/
    • Reply URL (ACS URL): https://abc-plan-prod.firebaseapp.com/__/auth/handler
  3. Click Save
Step 3: Collect Configuration Details

From the SAML Certificates section, download the Certificate (Base64).

From the Set up ABC-Plan section, copy:

  • Microsoft Entra Identifier — This is your Entity ID (typically a URL like https://sts.windows.net/{uuid} where {uuid} is a version 4 UUID)
  • Login URL — This is your SSO URL (typically a URL like https://login.microsoftonline.com/{uuid}/saml2 where {uuid} is the same as above)
Step 4: Send Us Your Configuration
Sending the certificate file: Email spam filters often block .cer files. To ensure delivery, please use one of these methods:
  • Share via a cloud drive link (e.g., Google Drive, Dropbox, OneDrive)
  • Rename the file from .cer to .cer_ before attaching
  • Place the .cer file in a password-protected ZIP file and include the password in your email

Email the following to support@abc-plan.com:

  • Your organization's email domain (e.g., yourcompany.com)
  • Login URL
  • Microsoft Entra Identifier
  • The downloaded certificate file (.cer)
Step 5: Complete Configuration

We will configure ABC-Plan using the information you provided. Since you already entered the Reply URL in Step 2, no further changes are needed on your end.

Other Identity Providers

For other SAML 2.0 identity providers, the general process is:

  1. Create a new SAML application in your identity provider
  2. Configure the Entity ID / Audience URI as https://abc-plan-prod.firebaseapp.com/
  3. Export or copy your provider's:
    • Entity ID / Issuer URL
    • SSO URL / Login URL
    • X.509 Certificate
  4. Configure the Callback URL (Reply URL / ACS URL) as https://abc-plan-prod.firebaseapp.com/__/auth/handler
  5. Send these details to support@abc-plan.com

Testing Your Configuration

Once SSO is configured:

  1. Navigate to app.abc-plan.com
  2. Enter your corporate email address
  3. You should be redirected to your identity provider's login page
  4. After successful authentication, you'll be redirected back to ABC-Plan
Tip: We recommend testing with a single user before rolling out to your entire organization. If you encounter any issues, contact us and we can assist with troubleshooting.
User Provisioning

After SSO is enabled, users in your organization can access ABC-Plan by:

  • Being added to your organization in ABC-Plan by an administrator
  • Or being assigned to the ABC-Plan application in your identity provider (if using Just-in-Time provisioning)

Decommissioning Users

When a user leaves your organization or no longer needs access to ABC-Plan, please notify us so we can remove their account.

To decommission a user, email support@abc-plan.com with the user's email address (user ID). We will remove their access promptly.

Contact

Questions about SSO setup? Reach out to us at support@abc-plan.com.

For security-related inquiries, contact Michael Osofsky at michael@abc-plan.com.

See our Security Policy for details on how we protect your data.

Case Studies
About Us
Contact Us
Products
© 2025 Copyright -  ABC-Plan
BACK TO TOP