This guide explains how to integrate Assertiv with Mavenlink using SAML and/or the Mavenlink API for Account Lifecycle management. When this set up is complete, users will be able to log into Mavenlink using their Assertiv account if Single Sign-on was configured, and user accounts in Mavenlink will be automatically provisioned and de-provisioned in Mavenlink if Account Lifecycle was enabled.
Note: The screenshots used are for demonstrative purposes only and are accurate at time of writing. These screens can change over time. Please let us know if this document no longer reflects the application.
Create a Mavenlink Application in Assertiv
Log into your Assertiv Organization (https://<your-org>.assertiv.com) as an Admin user and select the App Config dashboard tile.
Select the plus or create app button to create a new App config.
Search for the Mavenlink application and select the icon.
You will be prompted for some information on the following page.
Application Name: The name entered here will be used when displaying this app to end users from their Applications page and in administrative app configuration pages.
Click the "Enable Single Sign-on" slide toggle to open the SSO settings, or the "Account Lifecycle" slide toggle for the Provisioning settings.
Single Sign-on Configuration
First, check whether you are able to use SSO with Mavenlink. At the time of writing, it is available on the "Enterprise" plan and can be enabled as an add-on for other plans. Go to this section to see if it's available for your account: https://app.mavenlink.com/settings/account/security
Signing Certificate: The certificate is used to create a trust between Assertiv and your Mavenlink account. For advanced users, if you have created a certificate you wish to use, select it here. Otherwise (or if you are unsure) you can select "-- Generate New Signing Certificate --".
Mavenlink Subdomain: Enter your Mavenlink subdomain. You will have this configured when you set up your mavenlink tenancy.
Save the configuration. When the save completes, you will be taken to the Edit page which will look something like this:
Log in to Mavenlink as an Administrative user and go to https://app.mavenlink.com/settings/account/security. In the "Single Sign On" section, copy the information from the Edit page into the relevant Assertiv fields and click "Save".
Configuring automated provisioning and de-provisioning for Mavenlink is simple. Enabling Account Lifecycle will show the following information:
First, go to Mavenlink, https://app.mavenlink.com/oauth/applications, and click "Register a new application".
Enter an application name. For the Callback URL, use:
Click Save, and then click on "Show your Oauth Token". Copy and paste this value into the "Bearer Token" field on the Assertiv Edit page and save the configuration. The secret Mavenlink token will be encrypted by Assertiv and is not retrievable or visible to anyone after you click Save.
This configuration will allow automated Mavenlink account invitations to be sent to your users in Assertiv who have the right Permission (via a Role - see below). User accounts that are already in Mavenlink will be matched by email address. That is, if a user in Assertiv receives a Role that grants a Mavenlink account, and that user already has an account in Mavenlink (the email address in Assertiv is the same as in Mavenlink), that user will not receive a new invitation, but will be linked so that changes to the user in Assertiv are reflected in Mavenlink. If the user loses the Role in Assertiv, their Mavenlink user account will be removed from your Mavenlink tenancy. In Mavenlink terms, they will no longer have a Mavenlink "Account Membership".
In order for your users to access your application from their Assertiv apps page, you must set up a role, assign users to the role, and give that role permission to access the application. This is required for testing the integration as well. If you configured Single Sign-on, there will be a Permission available called "Grants Single Sign-on to Mavenlink". If you configured Account Lifecycle, there will be another permission called "Grants a user account in Mavenlink"
More details on roles can be found in the following articles