Quick start: SSO setup

This quick reference guide shows you where to look up all the values and certificates you need to set up Single Sign-On (SSO). Click the thumbnail images to view a larger version.

Note:
  • In some cases, users may be prevented from signing in with their email and password. This occurs if the feature "SAML authentication" is enabled on your application instance, and it only affects new users created after the feature was enabled.

    If "SAML authentication" is enabled a flag is displayed at the top of the SSO Settings page.

    You can view the affected users by selecting Product Settings > Manage Users in the navigation bar. The SSO column displays a flag for users that are restricted to SAML SSO login.

    If the SSO column is not included in the Manage Users table, no users are affected.

  • To set up auto-provisioning using a System for Cross-Domain Identity Management (SCIM), please contact Alida Technical Support or your Customer Success Manager.
Alida Azure Okta OneLogin

Entity ID

From: Microsoft Entra Identifier

From: Identity Provider Issuer

From: Issuer URL

X.509 Certificate

From: Certificate (Base64)

From: X.509 Certificate

From: X.509 Certificate

Unique ID claim

Value: Not set

Value: userId

Matches Okta attribute:
  • Name: userId
  • Value: user.id

Value: userId

Matches OneLogin parameter:
  • Name: userId
  • Value: OneLogin ID
  • Flag: Include in SAML assertion

Email claim

Value: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email

Matches Azure claim:
  • Name: email
  • Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
  • Value: user.mail

Value: email

Matches Okta attribute:
  • Name: email
  • Value: user.email

Value: email

Matches OneLogin parameter:
  • Name: email
  • Value: Email
  • Flag: Include in SAML assertion

Username claim

Value: Not set

Value: Not set

Value: Not set

Use name ID for email

Value: False

Value: False

Value: False

Single Sign-On URL

Note: This value only appears after you provide Entity ID and X.509 Certificate values.

To: Reply URL (Assertion Consumer Service URL)

To: Single sign-on URL

To: ACS (Consumer) URL

Audience Entity ID

Note: This value only appears after you provide Entity ID and X.509 Certificate values.

To: Identifier (Entity ID)

50

To: Audience URI (SP Entity ID)

To: Audience (EntityID)

System for Cross-domain Identity Management (SCIM)

System for Cross-domain Identity Management (SCIM) is a protocol that standardizes how identity information is exchanged between one entity and another. It's an open standard and is widely used to simplify the process of granting people or groups access to cloud-based applications.

The key to understanding the purpose of SCIM is in its name:

  • System: SCIM creates a common format for how identity data is exchanged.
  • Cross-domain: SCIM securely communicates identity data across platforms.
  • Identity Management: SCIM automates the flow of information between an identity provider and cloud-based applications.

In an enterprise work scenario, using SCIM reduces the effort it takes to create, modify, and synchronize employee accounts and govern the resources employees have access to. It has the added benefit of reducing IT friction for employees because it works in tandem with other technologies that simplify how users sign in to apps.

To set up auto-provisioning using a System for Cross-Domain Identity Management (SCIM), please contact Alida Technical Support or your Customer Success Manager.