Single Sign-On (SSO) allows you to manage user access and credentials in a central system outside of Allocadia. This central system is referred to as an Identity Provider (IDP). When Allocadia is configured for SSO, users no longer sign in directly to Allocadia but rather are authenticated by their IDP. Access to Allocadia can be initiated either by Allocadia through a special "Initial Single Sign On" URL or by the IDP itself.
Allocadia SSO supports the SAML 2.0 protocol. The details below are what you will need to set up SSO with Allocadia. Note that some of the configuration information is specific to the instance of Allocadia that your organization is provisioned on.
SAML Protocol version: SAML v2.0
Download Allocadia SAML Metadata:
secure.allocadia.com: https://secure.allocadia.com/allocadia/saml/metadata
securestandby.allocadia.com: https://securestandby.allocadia.com/allocadia/saml/metadata
eu1.allocadia.com: https://eu1.allocadia.com/allocadia/saml/metadata
eu1standby.allocadia.com: https://eu1standby.allocadia.com/allocadia/saml/metadata
na2.allocadia.com: https://na2.allocadia.com/allocadia/saml/metadata
na2standby.allocadia.com: https://na2standby.allocadia.com/allocadia/saml/metadata
Assertion Consumer Service (ACS) URL:
secure.allocadia.com: https://secure.allocadia.com/allocadia/saml/SSO
securestandby.allocadia.com: https://securestandby.allocadia.com/allocadia/saml/SSO
eu1.allocadia.com: https://eu1.allocadia.com/allocadia/saml/SSO
eu1standby.allocadia.com: https://eu1standby.allocadia.com/allocadia/saml/SSO
na2.allocadia.com: https://na2.allocadia.com/allocadia/saml/SSO
na2standby.allocadia.com: https://na2standby.allocadia.com/allocadia/saml/SSO
Entity ID:
secure.allocadia.com: com:allocadia:vancouver:bc:canada:production
securestandby.allocadia.com: com:allocadia:vancouver:bc:canada:securestandby
eu1.allocadia.com: https://eu1.allocadia.com
eu1standby.allocadia.com: https://eu1standby.allocadia.com
na2.allocadia.com: https://na2.allocadia.com
na2standby.allocadia.com: https://na2standby.allocadia.com
SAML Attributes (note that these may be case sensitive):
email
This attribute should be populated with the email address that is used as the Allocadia user ID. Note that this attribute is mandatory. Allocadia does not use the NameID or Subject SAML fields.
firstname
Optional field with the user's first name. If present along with lastname, new users are automatically registered when they access Allocadia for the first time. When this field changes, the user's first name is updated automatically in Allocadia.
lastname
Optional field with the user's last name. If present along with firstname, new users are automatically registered when they access Allocadia for the first time. When this field changes, the user's last name is updated automatically in Allocadia.
title
Optional field with the user's title.
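One way to check a decoded test assertion from your IDP against the attribute requirements above before enabling SSO. This is an added example, not Allocadia's code: the function name check_attributes and the sample assertion are constructed for illustration, and it checks attribute names and values only, not the signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"email"}                          # mandatory per this page
OPTIONAL = {"firstname", "lastname", "title"}

# Constructed sample: an IDP that sends "Email" with the wrong case.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstname"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_attributes(assertion_xml):
    """Return (errors, warnings, auto_register) for one decoded assertion."""
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DTD found; a SAML assertion never needs one")
    root = ET.fromstring(assertion_xml)
    sent = {}  # attribute name exactly as sent -> non-empty values
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        sent[attr.get("Name", "")] = [v for v in values if v]

    errors, warnings = [], []
    by_lower = {name.lower(): name for name in sent}
    for name in sorted(REQUIRED | OPTIONAL):
        bucket = errors if name in REQUIRED else warnings
        if sent.get(name):
            continue  # present with the exact expected name and a value
        if name in sent:
            bucket.append(f"{name}: sent with no value")
        elif name in by_lower:
            bucket.append(f"{name}: sent as {by_lower[name]!r}; names may be case sensitive")
        elif name in REQUIRED:
            errors.append(f"{name}: missing (mandatory; NameID is not used instead)")
    # New users are auto-registered only when both name attributes arrive.
    auto_register = bool(sent.get("firstname")) and bool(sent.get("lastname"))
    return errors, warnings, auto_register


if __name__ == "__main__":
    print(check_attributes(SAMPLE))
```

An empty errors list means the mandatory email attribute arrived under the exact expected name; auto_register is False when either firstname or lastname is absent.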
Note: After SSO has been enabled, only Administrators and API users can log in to Allocadia using the Allocadia Log in screen with their email address and Allocadia password. Other users will not be able to log in via this method. Access is provided in this manner to help troubleshoot the SSO setup.
Setting up Single Sign-On to Allocadia:
Open the drop-down menu under your name in the top right of the screen and select Organization Settings.
Select Single Sign-On from the drop-down menu to navigate to the SSO page.
On the Single Sign-On tab, download Allocadia's Single Sign-On (SSO) Metadata File to your computer by clicking the SAML Metadata button.
Upload your IDP's SSO Metadata by clicking the Choose & Upload File button.
Enter the Logout Redirect URL. This field is required and is the URL that users will be redirected to when logging out of Allocadia.
Click the Enable Single Sign On checkbox to make Single Sign-On active in Allocadia.
Users should be able to access Allocadia using the URL provided in the Initiate Single Sign On field.
Tip: To obtain your IDP's SSO Metadata, download the SSO Metadata File from your IDP's website or application.
Tip: You can also turn on the Enable Single Logout option. Some IDPs require that you upload a verification certificate. You can download Allocadia's SLO certificate by clicking the "Single Logout Certificate" button. Afterwards, upload this certificate into your IDP settings.