Quick start: SSO setup

This quick reference guide shows you where to look up all the values and certificates you need to set up Single Sign-On (SSO).

Note:
  • In some cases, users may be prevented from signing in with their email and password. This occurs if the feature "SAML authentication" was enabled on your application instance, and it only affects new users created after the feature was enabled.
  • To set up auto-provisioning using a System for Cross-Domain Identity Management (SCIM), please contact Alida Technical Support or your Customer Success Manager.

Each Alida field below is followed by the matching setting in Azure, Okta, and OneLogin.

Entity ID
  • Azure: From: Microsoft Entra Identifier
  • Okta: From: Identity Provider Issuer
  • OneLogin: From: Issuer URL

X.509 Certificate
  • Azure: From: Certificate (Base64)
  • Okta: From: X.509 Certificate
  • OneLogin: From: X.509 Certificate

Unique ID claim
  • Azure: Value: Not set
  • Okta: Value: userId
    Matches Okta attribute:
      • Name: userId
      • Value: user.id
  • OneLogin: Value: userId
    Matches OneLogin parameter:
      • Name: userId
      • Value: OneLogin ID
      • Flag: Include in SAML assertion

Email claim
  • Azure: Value: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
    Matches Azure claim:
      • Name: email
      • Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
      • Value: user.mail
  • Okta: Value: email
    Matches Okta attribute:
      • Name: email
      • Value: user.email
  • OneLogin: Value: email
    Matches OneLogin parameter:
      • Name: email
      • Value: Email
      • Flag: Include in SAML assertion

Username claim
  • Azure: Value: Not set
  • Okta: Value: Not set
  • OneLogin: Value: Not set

Use name ID for email
  • Azure: Value: False
  • Okta: Value: False
  • OneLogin: Value: False

Single Sign-On URL
  • Azure: To: Reply URL (Assertion Consumer Service URL)
  • Okta: To: Single sign-on URL
  • OneLogin: To: ACS (Consumer) URL

Audience Entity ID
  • Azure: To: Identifier (Entity ID)
  • Okta: To: Audience URI (SP Entity ID)
  • OneLogin: To: Audience (EntityID)

System for Cross-domain Identity Management (SCIM)

System for Cross-domain Identity Management (SCIM) is a protocol that standardizes how identity information is exchanged between one entity and another. It's an open standard and is widely used to simplify the process of granting people or groups access to cloud-based applications.

The key to understanding the purpose of SCIM is in its name:

  • System: SCIM creates a common format for how identity data is exchanged.
  • Cross-domain: SCIM securely communicates identity data across platforms.
  • Identity Management: SCIM automates the flow of information between an identity provider and cloud-based applications.

In an enterprise work scenario, using SCIM reduces the effort it takes to create, modify, and synchronize employee accounts and govern the resources employees have access to. It has the added benefit of reducing IT friction for employees because it works in tandem with other technologies that simplify how users sign in to apps.

To set up auto-provisioning using a System for Cross-Domain Identity Management (SCIM), please contact Alida Technical Support or your Customer Success Manager.