When you receive notification from your IdP that the x509 certificate for your company's Procore SSO configuration is expiring, you can update the SSO configuration settings to include a new x509 cert...When you receive notification from your IdP that the x509 certificate for your company's Procore SSO configuration is expiring, you can update the SSO configuration settings to include a new x509 certificate by following the steps below.
With this option, your end users can log into your Identity Provider's SSO page (e.g., Okta, OneLogin, or Microsoft Azure AD) and then click a Procore enterprise application tile to log in using SSO a...With this option, your end users can log into your Identity Provider's SSO page (e.g., Okta, OneLogin, or Microsoft Azure AD) and then click a Procore enterprise application tile to log in using SSO and open the Procore web application. Referred to as Procore-initiated SSO, this option gives your end users the ability to sign into the Procore Login page and then sends an authorisation request to the Identify Provider (e.g., Okta, OneLogin, or Microsoft Azure AD).
Answer Procore explicitly supports Single Sign-On (SSO) integration with the providers listed below. Other SAML 2.0 based IdPs can also be integrated for SSO authentication with Procore by following t...Answer Procore explicitly supports Single Sign-On (SSO) integration with the providers listed below. Other SAML 2.0 based IdPs can also be integrated for SSO authentication with Procore by following the instructions in Configure Custom SSO. To learn more about each provider, click the links below: Okta SSO OneLogin SSO Azure Active Directory (Entra ID) SSO Google SSO See Also Do Procore's SSO integrations support single or multiple domains?
To find the discrepancy between email addresses and resolve this error, you will need to contact your internal IT team and ask that they run a "SAML trace". A SAML trace will show the email address yo...To find the discrepancy between email addresses and resolve this error, you will need to contact your internal IT team and ask that they run a "SAML trace". A SAML trace will show the email address your company's IdP is trying to log you into Procore with, as well as the email address Procore recognises as your username for login purposes.
Because the majority of SSO configuration occurs in the IdP software, Procore provides limited support in the setup and configuration of SSO integrations. if you have questions or concerns about SSO c...Because the majority of SSO configuration occurs in the IdP software, Procore provides limited support in the setup and configuration of SSO integrations. if you have questions or concerns about SSO configuration settings in Procore, contact Procore support. Please note that customers who license Procore Pay may require additional support enabling MFA for Payments when SSO is configured for their company.
The Procore user account's login email and the primary email address for the user in the Identity Provider's Active Directory must match exactly. Procore passwords only need to be set for users whose ...The Procore user account's login email and the primary email address for the user in the Identity Provider's Active Directory must match exactly. Procore passwords only need to be set for users whose company has configured SSO to "Allow Password Login" (also known as IdP-initiated flow). When creating accounts for users who will NOT authenticate through your Identity Provider (any user whose login email address does not contain a targeted email domain)
If your company has integrated an SSO solution with your Procore environment that is IdP-Initiated, users can still log into the Procore web application from the Procore login page. If your company ha...If your company has integrated an SSO solution with your Procore environment that is IdP-Initiated, users can still log into the Procore web application from the Procore login page. If your company has configured SP-Initiated SSO for Procore, you will not be able to reset your password from the Procore login page because your password is managed in your company's SSO software.
