Single Sign-On (SSO) requires you to have an account with an Identity Provider (IdP). The first step is to configure your IdP. Here are the details you will need to successfully set up SSO with Allocadia:
- SAML Protocol version: SAML v2.0
- Assertion Consumer Service (ACS) URL:
  - Secure: https://secure.allocadia.com/allocadia/saml/SSO
  - Standby: https://securestandby.allocadia.com/allocadia/saml/SSO
- Entity ID (This needs to match the entity ID from the Allocadia SSO Metadata file):
  - Secure: com:allocadia:vancouver:bc:canada:production
  - Standby: com:allocadia:vancouver:bc:canada:securestandby
- Attribute / Subject Type / NameID: user's email address (we require an "email" to be set up. Without an email address the user does not exist in Allocadia)
- The "firstname", "lastname" and "title" attributes are optional. If they are not provided, a new user will be presented with the registration page to capture this information. (Updating the "firstname" and "lastname" attributes in your IdP configuration will update those values in our system as well.)
Note: After SSO has been enabled, only Administrators can log in to Allocadia using the Allocadia Log in screen with their email address and Allocadia password. Other users will not be able to log in via this method. Access is provided in this manner to help troubleshoot the SSO setup.
Setting up Single Sign-On to Allocadia:
- Click the Settings button beside your name at the top of the screen
- Select Single Sign-On from the drop-down menu to navigate to the SSO page
- On the Single Sign-On Tab, download Allocadia's Single Sign-On (SSO) Metadata File to your computer by clicking the SAML Metadata button
- Upload your SSO Metadata by clicking the Choose & Upload File button
Tip: To obtain your IdP’s SSO Metadata, upload the Allocadia SSO Metadata file to your IdP's website or application. Afterwards, download your IdP's SSO Metadata File from the website or application.
Note: If there are no errors in the IdP's SSO Metadata File, the Enable Single Sign-On check box will be checked, and the IdP field will be auto-populated with your IdP's URL. You must provide a "Logout Redirect URL." This field is required and is the URL that users will be redirected to when logging out.
Tip: You can also turn on the Enable Single Logout option. Some IdPs require that you upload a verification certificate. You can download Allocadia's SLO certificate by clicking the "Single Logout Certificate" button. Afterwards, upload this certificate into your IdP settings.
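A pre-flight check for the metadata exchange described above, as an added example that is not Allocadia's code: it parses a downloaded SP metadata file and confirms that the entity ID and ACS URL match the pair listed on this page for the chosen environment, before the file is uploaded to the IdP. The sample XML, the function name `check_sp_metadata` and the environment keys `secure` and `standby` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Entity ID and ACS URL pairs as listed on this page.
EXPECTED = {
    "secure": ("com:allocadia:vancouver:bc:canada:production",
               "https://secure.allocadia.com/allocadia/saml/SSO"),
    "standby": ("com:allocadia:vancouver:bc:canada:securestandby",
                "https://securestandby.allocadia.com/allocadia/saml/SSO"),
}

# Constructed sample of SP metadata (not the real Allocadia file).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="com:allocadia:vancouver:bc:canada:production">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://secure.allocadia.com/allocadia/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, environment):
    """Return a list of problems; an empty list means the file matches."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    want_entity, want_acs = EXPECTED[environment]
    problems = []
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        problems.append("root element is not md:EntityDescriptor")
    if root.get("entityID") != want_entity:
        problems.append(f"entityID {root.get('entityID')!r} != {want_entity!r}")
    acs = [e.get("Location") for e in
           root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)]
    if want_acs not in acs:
        problems.append(f"ACS URL {want_acs!r} not found (saw {acs})")
    problems += [f"ACS URL not HTTPS: {u}" for u in acs if not str(u).startswith("https://")]
    return problems


if __name__ == "__main__":
    for env in EXPECTED:
        print(env, check_sp_metadata(SAMPLE_METADATA, env) or "OK")
```

Checking the production sample against `standby` reports both an entity ID mismatch and a missing ACS URL, which is the mix-up this check is meant to catch before SSO is enabled.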