Quick start: SSO setup

This quick reference guide shows you where to look up all the values and certificates you need to set up Single Sign-On (SSO).

Note:
  • In some cases, only users that are members of verified domains can be added to your community. This occurs if the community-level SSO-only mode is enabled. In this case, a flag is displayed at the top of the SSO Settings page.

    In some cases, users may be prevented from signing in with their email and password. This occurs if the domain-level SSO-only mode is enabled for selected domains. In this case, a flag is displayed at the top of the SSO Settings page. You can view the affected users by selecting Product Settings > Manage Users in the navigation bar. The SSO column displays a flag for users that are restricted to SSO login only.

    If the SSO column is not included in the Manage Users table, no users are affected.

  • To set up auto-provisioning using a System for Cross-Domain Identity Management (SCIM), please contact Alida Technical Support or your Customer Success Manager.

Azure quick start

The following table lists the fields that you need to configure in the Alida SSO Settings page, and the corresponding fields in Azure with the required information.

| Azure SAML-based Sign-on page | Alida SSO Settings page |
| --- | --- |
| From: Microsoft Entra Identifier | Entity ID |
| From: Certificate (Base64) | X.509 Certificate |
| Value: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email. Matches Azure claim: Name: email; Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims; Value: user.mail | Email claim |

After you configure the SSO Settings page in Alida, you need to copy settings from the SSO Information page to your Azure configuration.

| Alida SSO Information page | Azure SAML-based Sign-on page |
| --- | --- |
| Single Sign-On URL | To: Reply URL (Assertion Consumer Service URL) |
| Audience Entity ID | To: Identifier (Entity ID) |


For detailed instructions, see Set up SSO with Azure.

Okta quick start

The following table lists the fields that you need to configure in the Alida SSO Settings page, and the corresponding fields in Okta with the required information.

| Okta | Alida SSO Settings page |
| --- | --- |
| From: Identity Provider Issuer | Identity Provider Issuer |
| From: X.509 Certificate | X.509 Certificate |
| Value: userId. Matches Okta attribute: Name: userId; Value: user.id | Unique ID claim |
| Value: email. Matches Okta attribute: Name: email; Value: user.email | Email claim |

After you configure the SSO Settings page in Alida, you need to copy settings from the SSO Information page to your Okta configuration.

| Alida SSO Information page | Okta SAML 2.0 page |
| --- | --- |
| Single Sign-On URL | To: Single sign-on URL |
| Audience Entity ID | To: Audience URI (SP Entity ID) |

For detailed instructions, see Set up SSO with Okta.

OneLogin quick start

The following table lists the fields that you need to configure in the Alida SSO Settings page, and the corresponding fields in OneLogin with the required information.

| OneLogin | Alida SSO Settings page |
| --- | --- |
| From: Issuer URL | Issuer URL |
| From: X.509 Certificate | X.509 Certificate |
| Value: userId. Matches OneLogin parameter: Name: userId; Value: OneLogin ID; Flag: Include in SAML assertion | Unique ID claim |
| Value: email. Matches OneLogin parameter: Name: email; Value: Email; Flag: Include in SAML assertion | Email claim |

After you configure the SSO Settings page in Alida, you need to copy settings from the SSO Information page to your OneLogin configuration.

| Alida SSO Information page | OneLogin SAML Custom Connector (Advanced) page |
| --- | --- |
| Single Sign-On URL | To: Single sign-on URL |
| Audience Entity ID | To: Audience URI (SP Entity ID) |

For detailed instructions, see Set up SSO with OneLogin.

System for Cross-domain Identity Management (SCIM)

System for Cross-domain Identity Management (SCIM) is a protocol that standardizes how identity information is exchanged between one entity and another. It's an open standard and is widely used to simplify the process of granting people or groups access to cloud-based applications.

The key to understanding the purpose of SCIM is in its name:

  • System: SCIM creates a common format for how identity data is exchanged.
  • Cross-domain: SCIM securely communicates identity data across platforms.
  • Identity Management: SCIM automates the flow of information between an identity provider and cloud-based applications.

In an enterprise work scenario, using SCIM reduces the effort it takes to create, modify, and synchronize employee accounts and govern the resources employees have access to. It has the added benefit of reducing IT friction for employees because it works in tandem with other technologies that simplify how users sign in to apps.

To set up auto-provisioning using a System for Cross-Domain Identity Management (SCIM), please contact Alida Technical Support or your Customer Success Manager.