Monday.com
This guide explains how to set up Single Sign-On (SSO) between SmartLink and Monday.com using SAML 2.0 or OpenID Connect.
Prerequisites
- Monday.com Enterprise Plan
- Administrator access to Monday.com
- Verified email domain
- Application configured in SmartLink with SAML2 or OpenID Connect
Note: SSO is only available with the Monday.com Enterprise plan.
Configuration with SAML 2.0 (Recommended)
Configuration in SmartLink
1. Create the Application
- Log in to SmartLink as an administrator
- Go to Applications → Add
- Create a new application:
- Name: Monday.com
- URL:
https://[your-account].monday.com - Description: Work management platform
- Icon: Choose the Monday.com icon
2. Configure SAML2
- In the Authentication tab
- Select SAML2
- Configure the following parameters:
- Entity ID:
https://[your-smartlink].link.vaultys.org/[appid] - ACS URL:
https://[your-account].monday.com/saml2/acs - Format NameID:
emailAddress - App ID:
[appid](automatically generated unique identifier)
- Entity ID:
3. Retrieve the Metadata
Note the following URLs:
- IdP Metadata:
https://[your-smartlink].link.vaultys.org/api/saml2/[appid]/metadata - SSO URL:
https://[your-smartlink].link.vaultys.org/api/saml2/sso/[appid] - SLO URL:
https://[your-smartlink].link.vaultys.org/api/saml2/slo/[appid] - Entity ID:
https://[your-smartlink].link.vaultys.org/[appid] - X.509 Certificate: Download from SmartLink
Configuration in Monday.com
1. Access SSO Settings
- Log in to Monday.com as an administrator
- Click on your avatar → Admin
- In the menu: Security → Single Sign-On
- Click on Set up SSO
2. Configure SAML
Select SAML and configure:
- SSO URL:
https://[your-smartlink].link.vaultys.org/api/saml2/sso/[appid] - Entity ID:
https://[your-smartlink].link.vaultys.org/[appid] - Certificate: Paste the X.509 certificate from SmartLink
- Sign Out URL:
https://[your-smartlink].link.vaultys.org/api/saml2/slo/[appid]
3. Attribute Configuration
| Monday Attribute | SAML Attribute | Required |
|---|---|---|
email | ✅ | |
| First Name | firstName | ✅ |
| Last Name | lastName | ✅ |
| Title | title | ❌ |
| Team | department | ❌ |
Configuration with OpenID Connect
Configuration in SmartLink
1. Configure OpenID Connect
- In the Monday.com application
- Authentication tab → OpenID Connect
- Note:
- Client ID:
monday-xxxxxx - Client Secret:
secret-xxxxxx - App ID:
[appid]
- Client ID:
2. Redirect URLs
Add:
https://[your-account].monday.com/auth/oidc/callback
Configuration in Monday.com
- In Security → Single Sign-On
- Select OpenID Connect
- Configure:
- Discovery URL:
https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/.well-known/openid-configuration - Client ID:
monday-xxxxxx - Client Secret:
secret-xxxxxx - Scopes:
openid profile email groups
Workspace Configuration
Organizational Structure
workspaces:
- name: "Marketing"
default_role: "member"
groups:
- "smartlink-marketing"
boards:
- "Campaigns"
- "Content Calendar"
- "Social Media"
- name: "Development"
default_role: "member"
groups:
- "smartlink-developers"
boards:
- "Sprint Planning"
- "Bug Tracking"
- "Feature Requests"
- name: "Management"
default_role: "viewer"
groups:
- "smartlink-executives"
boards:
- "Company OKRs"
- "Financial Reports"
Permissions and Roles
| Role | Permissions |
|---|---|
| Owner | Full account control |
| Admin | User and settings management |
| Member | Content creation and editing |
| Viewer | Read-only access |
| Guest | Limited access to certain boards |
SCIM Configuration
For automatic user synchronization:
{
"scim_endpoint": "https://[your-account].monday.com/scim/v2",
"scim_token": "Bearer xxxxxx",
"provisioning": {
"create_users": true,
"update_users": true,
"deactivate_users": true,
"sync_groups": true
}
}
Automations with SSO
Automatic Board Creation
// Automation to create boards based on groups
const mondaySDK = require('monday-sdk-js');
const monday = mondaySDK();
async function createBoardForGroup(groupName, userEmail) {
const boardTemplate = {
'smartlink-sales': 'sales-pipeline-template',
'smartlink-marketing': 'marketing-campaign-template',
'smartlink-dev': 'sprint-board-template'
};
if (boardTemplate[groupName]) {
const board = await monday.api(`
mutation {
duplicate_board(
board_id: ${boardTemplate[groupName]},
board_name: "${groupName} Workspace",
owner_ids: [${userEmail}]
) {
id
}
}
`);
return board;
}
}
Workflows Based on Authentication
automation:
- trigger: "user_login_sso"
conditions:
- first_login: true
- group: "smartlink-new-employees"
actions:
- create_board: "onboarding_template"
- assign_to_team: "hr_team"
- send_notification: "welcome_message"
- add_to_board: "company_announcements"
Integration with Monday.com API
API Configuration with SSO
const fetch = require('node-fetch');
class MondayAPIClient {
constructor(apiKey) {
this.apiKey = apiKey;
this.apiUrl = 'https://api.monday.com/v2';
}
async getUserBySSOEmail(email) {
const query = `
query {
users(emails: ["${email}"]) {
id
name
email
teams {
id
name
}
}
}
`;
const response = await fetch(this.apiUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': this.apiKey
},
body: JSON.stringify({ query })
});
return response.json();
}
}
Webhooks for Synchronization
// Webhook to synchronize SSO changes
app.post('/webhook/monday-sso', async (req, res) => {
const { event, userId, userEmail, groups } = req.body;
switch(event) {
case 'user.created':
await createUserWorkspace(userId, userEmail);
break;
case 'user.updated':
await updateUserPermissions(userId, groups);
break;
case 'user.deactivated':
await archiveUserContent(userId);
break;
}
res.status(200).send('OK');
});
Configuration Testing
1. Connection Test
- Log out of Monday.com
- Go to
https://[your-account].monday.com - Click on Log in with SSO
- Enter your company email
- Authenticate via SmartLink
- Verify access to Monday.com
2. Permissions Test
# Test via the API
curl -X POST https://api.monday.com/v2 \
-H "Authorization: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "{ me { name email teams { name } } }"}'
3. Mobile Testing
Monday.com applications support SSO:
- Monday.com iOS/Android
- Monday.com Desktop (Windows/Mac)
Troubleshooting
"SAML assertion failed" Error
Issue: SAML assertion is rejected
Solution:
- Verify that the Entity ID is
[appid] - Check the NameID format:
emailAddress - Ensure the email exists in Monday.com
- Check the logs: Admin → Activity Log
"User not authorized" Error
Issue: User cannot access
Solution:
- Verify the email domain is verified
- Ensure the user is invited in Monday.com
- Check SCIM groups if configured
Groups Not Synchronized
Issue: Monday teams do not match SmartLink groups
Solution:
<!-- Correct format for SAML groups -->
<saml:Attribute Name="groups">
<saml:AttributeValue>smartlink-monday-admins</saml:AttributeValue>
<saml:AttributeValue>smartlink-monday-users</saml:AttributeValue>
</saml:Attribute>
Automation Issues
Issue: Automations do not trigger for SSO users
Solution:
- Check that the user has necessary permissions
- Ensure the automation is enabled for "All users"
- Test with a non-SSO account to isolate the issue
Security
Recommended Configuration
{
"security_settings": {
"enforce_sso": true,
"session_duration": "8h",
"ip_restrictions": {
"enabled": true,
"whitelist": ["10.0.0.0/8", "192.168.0.0/16"]
},
"2fa_backup": true,
"audit_retention": "365d",
"api_token_expiry": "90d",
"guest_restrictions": {
"disable_export": true,
"disable_api_access": true,
"view_only": true
}
}
}
Compliance
- SOC 2 Type II: Certified
- ISO 27001: Certified
- GDPR: Compliant with available DPA
- HIPAA: Compliant (Enterprise+ plan)
User Migration
Migration Script
import requests
import csv
from datetime import datetime
class MondaySSOMigration:
def __init__(self, api_key, account_id):
self.api_key = api_key
self.account_id = account_id
self.api_url = "https://api.monday.com/v2"
def migrate_users(self, csv_file):
"""Migrate users to SSO"""
with open(csv_file, 'r') as file:
reader = csv.DictReader(file)
results = []
for user in reader:
result = self.migrate_single_user(user)
results.append(result)
return results
def migrate_single_user(self, user):
# Disable password auth
# Send SSO invitation
# Log the result
pass