How do I set up Single Sign-On (SSO)?

You can set up SSO from your Mollie Dashboard. Once active, your team can sign in using your identity provider instead of a separate Mollie password.

Setting up SSO involves configuring both Mollie and your identity provider. You'll switch between them during the process, so keep both open.

 

What you need to know in advance

  • You'll need the Super Admin role in Mollie and admin access to your identity provider (IdP).
  • SSO is not currently available for accounts with a Mollie Business Account. If you use SSO to sign in to Mollie, you won't be able to open a Mollie Business Account.
  • We recommend that you don't log out until you've confirmed with another user that SSO is working.

 

Verifying your identity provider

  1. In your Mollie Dashboard, click your profile picture in the top left, then go to Settings > Access management.
  2. Under Single sign-on, click Configure.
  3. Select your identity provider from the list.
    • If your provider is recognised, it's automatically verified — click Next to continue.
    • If it's not listed, select I use a custom domain and enter your IdP domain (e.g. yourcompany.idpname.com).
    • If you can't find your provider at all, select I can't find my provider to send us a request.
  4. [Optional] If you entered a custom domain: in your DNS provider, add the TXT record shown. Then return to Mollie and click Verify DNS record.
    • Note: DNS changes can take up to 72 hours to propagate.
  5. Click Next.

 

Configuring your identity provider

This section involves switching between Mollie and your IdP. Follow the instructions for the protocol you're using.

If you're using OIDC

 

  1. Select OIDC.
  2. Copy the Redirect URI shown in Mollie and paste it into your identity provider settings. 
    • Your IdP may label this field Callback URL or Authorisation redirect URI.
  3. In your identity provider, complete the OIDC application setup and copy these credentials:
    • Issuer URL
    • Client ID
    • Client secret
  4. Back in Mollie, enter those credentials into the corresponding fields.
  5. Click Test configuration to verify the connection.
  6. Click Next.

 

If you're using SAML 2.0

 

  1. Select SAML 2.0.
  2. Copy the ACS URL shown in Mollie and paste it into your identity provider settings. 
    • Your IdP may label this field Reply URL, Single Sign-On URL, or Assertion Consumer Service URL.
  3. In your identity provider, complete the SAML application setup. Then locate and copy these credentials. Note: your IdP may use different names for the same fields:

    Mollie field        Your IdP may call this
    Entity ID           Issuer, Identifier, Audience URI
    SSO URL             IdP SSO URL, Login URL, Sign-in page URL
    x509 certificate    Signing certificate, SAML certificate, X.509 certificate

  4. Back in Mollie, paste each credential into the corresponding field.
  5. Click Test configuration to verify the connection.
  6. Click Next.

 

 

Reviewing and activating

  1. Check the configuration summary.
  2. Under Configure allowed domains, click Add domain and enter the email domains that can use SSO to sign in. Only users with a matching email domain will be able to use SSO.
  3. Click Activate SSO.

Before logging out, confirm that at least one team member can sign in successfully using SSO. You can invite them to the organisation on the Teams page or use SCIM provisioning.

Once SSO is active, it's enforced for everyone whose email domain matches your allowed domains. Existing Mollie accounts on these domains are automatically linked, and they don't need to create new accounts or accept new invites. They'll be prompted to sign in via SSO the next time they log in.

 
