About Single Sign-On

Optimize.png


Persona-ArticleFor.pngAllocadia-2017-HelpCentreGraphics-08.pngPersona-MarketingOps.pngPersona-Marketer.pngPersona-IT.png

 

Single Sign-On (SSO) allows you to manage user access and credentials in a central system outside of Allocadia. This central system is referred to as an Identity Provider (IDP). When Allocadia is configured for SSO, users no longer sign in directly to Allocadia but rather are authenticated by their IDP. Access to Allocadia can be initiated either by Allocadia through a special "Initial Single Sign On" URL or by the IDP itself.

Allocadia SSO supports the SAML 2.0 protocol. Here are some of the details you will need to successfully setup SSO with Allocadia. Note that some of the configuration information is specific to the instance of Allocadia that your organization is provisioned on.

  • Entity ID:
    • secure.allocadia.com: com:allocadia:vancouver:bc:canada:production
    • securestandby.allocadia.com: com:allocadia:vancouver:bc:canada:securestandby
    • eu1.allocadia.com: https://eu1.allocadia.com
    • eu1standby.allocadia.com: https://eu1standby.allocadia.com
    • na2.allocadia.com: https://na2.allocadia.com
    • na2standby.allocadia.com: https://na2standby.allocadia.com 
  • SAML Attributes (note that these may be case sensitive):
    • email
      • This attribute should be populated with the email address that is used as the Allocadia user ID. Note that this attribute is mandatory. Allocadia does not use the NameID or Subject SAML fields.
    • firstname
      • Optional field with the user's first name. If present along with lastname, the new users will be automatically registered when accessing for the first time. When this field changes, the user's first name will be updated automatically in Allocadia.
    • lastname
      • Optional field with the user's last name. If present along with firstname, the new users will be automatically registered when accessing for the first time. When this field changes, the user's last name will be updated automatically in Allocadia.
    • title
      • Optional field with the user's title.
Note: After SSO has been enabled, only Administrators and API users can log in to Allocadia using the Allocadia Log in screen with their email address and Allocadia password. Other users will not be able to log in via this method. Access is provided in this manner to help troubleshoot the SSO setup.

Setting up Single Sign-On to Allocadia:

    1. Click the Settings button beside your name at the top of the screen
    2. Select Single Sign-On from the drop-down menu to navigate to the SSO page 
    3. On the Single Sign-On Tab, download Allocadia's Single Sign-On (SSO) Metadata File to your computer by clicking the SAML Metadata button
    4. Upload your SSO Metadata by clicking the Choose & Upload File button
    5. Enter the Logout Redirect URL. This field is required and is the URL that users will be redirected to when logging out of Allocadia.
    6. Click the Enable Single Sign On checkbox to make Single Sign-On active in Allocadia.
    7. Users should be able to access Allocadia using the URL provided in the Initiate Single Sign On field.
Tip: To obtain your IDP’s SSO Metadata, download your IDP's SSO Metadata File from the website or application.
 
Tip: You can also turn on the Enable Single Logout option. Some IDPs require that you upload a verification certificate. You can download Allocadia's SLO certificate by clicking the "Single Logout Certificate" button. Afterwards, upload this certificate into your IDP settings.
Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.