Ctrlk
Sign up for free
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Universal SSO with 2Checkout (SAML-Based)

Overview

The 2Checkout Universal SSO solution enables seamless Single Sign-On (SSO) for your organization's users across SaaS and internal applications using any Identity Provider (IdP) that supports the SAML 2.0 protocol. This solution simplifies authentication workflows, enhances security through centralized identity governance, and reduces login friction for end users.

Important! This SSO integration is not self-service. To enable it for your account, your organization must contact 2Checkout Support or your 2Checkout vendor representative to initiate setup.

How it works

  1. You configure a SAML 2.0 application in your IdP, using the 2Checkout cPanel as the Service Provider (SP). Both the SP Entity ID and ACS URL are set to https://secure.2checkout.com/cpanel/saml-login.

  2. You share your IdP metadata (URL or XML file) with your 2Checkout representative.

  3. 2Checkout configures the integration on its end using the provided metadata.

  4. SSO is initially validated with a restricted set of test users before being rolled out to all users.

  5. Once fully enabled, you and your users are redirected to your organization's IdP for authentication when logging into the 2Checkout cPanel. Password-based login is disabled at this point.

Supported identity providers

2Checkout Universal SSO is compatible with any Identity Provider that implements the SAML 2.0 standard. Below is a non-exhaustive list of popular IdPs, grouped by target market.

Enterprise & Large-Scale Identity Providers

Cloud & SaaS-First Identity Providers

  • OneLogin

  • Auth0

  • JumpCloud

  • Google Workspace

  • Salesforce Identity

Education, Public Sector & Nonprofit

  • Shibboleth

  • Azure AD for Education

  • WSO2 Identity Server

Developer & Custom Identity Platforms

  • Keycloak

  • Gluu

  • SimpleSAMLphp

Setup and configuration

The setup process follows these high-level steps:

  1. Contact 2Checkout — Reach out to 2Checkout Support or your vendor representative to initiate the SSO onboarding process.

  2. Configure your IdP — Set up a SAML 2.0 application in your Identity Provider using the SP details provided. Your 2Checkout representative will guide you through this or provide IdP-specific instructions where available.

  3. Share your metadata — Provide your IdP's Federation Metadata URL (or XML file) to your 2Checkout representative.

  4. Testing — A test user will be used to validate the integration before it is rolled out to your organization.

  5. Full rollout — Once testing is successful, ensure all your users are added to the application in your IdP. 2Checkout will then enable SSO for all users on your account.

Once SSO is fully enabled, password-based authentication to the 2Checkout cPanel is disabled for all users on your account. It is critical that all your users are provisioned in the IdP before the final rollout step.

Need help?

For assistance or to begin the SSO onboarding process, contact 2Checkout Support or your vendor representative.

PreviousTwo-factor authenticationNextPing identity to 2Checkout cPanel – SSO Integration Setup Guide

Last updated

Was this helpful?