What you'll learn:
How to configure SSO in Uptick using your identity provider
Step-by-step instructions for Azure Active Directory setup
Important security considerations and troubleshooting tips
Overview
Single Sign-On (SSO) allows your team to access Uptick using your organization's identity provider, such as Microsoft Azure AD, Microsoft ADFS, or Google Workspace. This provides enhanced security and a seamless login experience across both the Uptick Web Platform and Uptick App.
Why use SSO?
Centralized authentication through your existing identity provider
Leverage enterprise-grade security features (including 2FA/MFA from your provider)
Simplified user management
Consistent access control across all applications
Important: Uptick logs all invalid login attempts and implements automatic account lockouts and exponential backoff to prevent brute force attacks.
Before You Begin
Who can set this up?
System administrators with access to both Uptick's Control Panel and your identity provider (Azure AD, ADFS, Google Workspace, etc.)
Prerequisites:
Admin access to Control Panel > Security > Single sign-on in Uptick
Admin access to your identity provider
If setting up SSO for a sandbox environment, you'll need a separate SSO configuration with unique URLs and certificates (you cannot reuse your production SSO setup)
Step 1: Configure SSO in Uptick
In the Uptick Web Platform, navigate to Control Panel > Security > Single sign-on
You'll see Step 1 with three URLs that you'll need to provide to your identity provider:
Metadata URL (also called Entity ID or Issuer URL)
Success URL (also called Reply URL or Assertion Consumer Service URL)
Login URL (also called Sign-on URL)
Keep this page open—you'll return here to complete Step 2 after configuring your identity provider
Step 2: Configure Your Identity Provider
For Azure Active Directory (Azure AD)
A. Basic SAML Configuration (in Azure)
In your Azure AD portal, create a new enterprise application and configure the SAML settings:
Azure AD Field | Use This Value from Uptick (Step 1) |
Identifier (Entity ID) | Metadata URL |
Reply URL (Assertion Consumer Service URL) | Success URL |
Sign-on URL | Login URL |
B. Download the Certificate (in Azure)
In Azure AD, navigate to SAML Signing Certificate (Step 3 in Azure setup)
Download the Certificate (Base64)
Open the certificate file and copy its entire contents (you'll paste this into Uptick in the next step)
C. Copy Azure AD URLs (in Azure)
In the Set up section (Step 4 in Azure setup), copy these two values:
Login URL
Azure AD Identifier
Step 3: Complete SSO Configuration in Uptick
Return to Control Panel > Security > Single sign-on in Uptick and complete Step 2:
Field | What to Enter |
Identity Provider | Automatically populated—only change if using multiple Uptick servers with one identity provider |
Single sign-on URL | Paste the Login URL from Azure AD |
Metadata URL | Paste the Azure AD Identifier from Azure AD |
Certificate | Paste the complete contents of the Base64 certificate you downloaded from Azure AD |
Whitelisted domains | Enter a comma-separated list of email domains allowed to sign in with SSO (e.g.,
) |
Require staff to log in with the identity provider | Check this box to enforce SSO for all users. Important: Test thoroughly before enabling this option. If enabled, all Field and Desk users must use SSO—there are currently no exemptions for admin accounts. |
Click Save
Step 4: Test and Roll Out
Testing SSO
Before enforcing SSO, test with a few users to ensure they can successfully log in
Have test users sign out of the Uptick Web Platform and Uptick App completely
Test users should sign back in—they'll be redirected to your identity provider for authentication
For Mobile App Users
If SSO is enabled after users are already signed into the Uptick App:
Open the Uptick App
Tap About > Sign Out
Sign back in using the SSO option
Enforcing SSO
Once testing is successful, you can check the "Require staff to log in with the identity provider" option to enforce SSO for all users.
⚠️ Important: If you enable this option and encounter issues, contact Uptick Support immediately at [email protected] for assistance.
Troubleshooting
Common Issues
"Login credentials failed (400)" error
Ensure you're signed into your Microsoft/Google account first
Verify the SSO configuration matches exactly between Uptick and your identity provider
For mobile app users: Sign out completely and sign back in
"AADSTS75011: Authentication method doesn't match" error
This typically occurs with Windows Hello authentication
Contact Uptick Support—this may require configuration adjustments on Uptick's side
SSO not working in sandbox environment
Sandbox and production environments require separate SSO configurations
You cannot reuse certificates or URLs between environments
Set up a dedicated Azure AD application for your sandbox
Users locked out after enabling "Require staff to log in with identity provider"
Contact Uptick Support immediately at [email protected]
We can assist with disabling the requirement if needed
Security Information
Uptick implements multiple security measures to protect your account:
Automatic account lockout after repeated failed login attempts
Exponential backoff to prevent brute force attacks
Login tracking with IP addresses for audit purposes (available in Control Panel > Security > Account Device Audit for the past 14 days)
When using SSO, authentication security is managed by your identity provider (Microsoft, Google, etc.), allowing you to leverage their enterprise-grade security features including multi-factor authentication (MFA).
Need Help?
If you encounter any issues during SSO setup or have questions:
Email: [email protected]
In-app: Use the chat widget in the bottom-right corner of the Uptick Web Platform