Single Sign-On (SSO) allows you to manage user access and credentials in a central system outside of Allocadia. This central system is referred to as an Identity Provider (IDP). When Allocadia is configured for SSO, users no longer sign in directly to Allocadia but rather are authenticated by their IDP. Access to Allocadia can be initiated either by Allocadia through a special "Initial Single Sign On" URL or by the IDP itself.
Allocadia SSO supports the SAML 2.0 protocol. Here are some of the details you will need to successfully setup SSO with Allocadia. Note that some of the configuration information is specific to the instance of Allocadia that your organization is provisioned on.
- SAML Protocol version: SAML v2.0
Download Allocadia SAML Metadata:
- secure.allocadia.com: https://secure.allocadia.com/allocadia/saml/metadata
- securestandby.allocadia.com: https://securestandby.allocadia.com/allocadia/saml/metadata
- eu1.allocadia.com: https://eu1.allocadia.com/allocadia/saml/metadata
- eu1standby.allocadia.com: https://eu1standby.allocadia.com/allocadia/saml/metadata
- na2.allocadia.com: https://na2.allocadia.com/allocadia/saml/metadata
- na2standby.allocadia.com: https://na2standby.allocadia.com/allocadia/saml/metadata
Assertion Consumer Service (ACS) URL:
- secure.allocadia.com: https://secure.allocadia.com/allocadia/saml/SSO
- securestandby.allocadia.com: https://securestandby.allocadia.com/allocadia/saml/SSO
- eu1.allocadia.com: https://eu1.allocadia.com/allocadia/saml/SSO
- eu1standby.allocadia.com: https://eu1standby.allocadia.com/allocadia/saml/SSO
- na2.allocadia.com: https://na2.allocadia.com/allocadia/saml/SSO
- na2standby.allocadia.com: https://na2standby.allocadia.com/allocadia/saml/SSO
- Entity ID:
- secure.allocadia.com: com:allocadia:vancouver:bc:canada:production
- securestandby.allocadia.com: com:allocadia:vancouver:bc:canada:securestandby
- eu1.allocadia.com: https://eu1.allocadia.com
- eu1standby.allocadia.com: https://eu1standby.allocadia.com
- na2.allocadia.com: https://na2.allocadia.com
- na2standby.allocadia.com: https://na2standby.allocadia.com
- SAML Attributes (note that these may be case sensitive):
- This attribute should be populated with the email address that is used as the Allocadia user ID. Note that this attribute is mandatory. Allocadia does not use the NameID or Subject SAML fields.
- Optional field with the user's first name. If present along with lastname, the new users will be automatically registered when accessing for the first time. When this field changes, the user's first name will be updated automatically in Allocadia.
- Optional field with the user's last name. If present along with first name, the new users will be automatically registered when accessing for the first time. When this field changes, the user's last name will be updated automatically in Allocadia.
- Optional field with the user's title.
Setting up Single Sign-On to Allocadia:
- Click into your name's drop down menu in the top right of screen and select the Organization Settings.
- Select Single Sign-On from the drop-down menu to navigate to the SSO page
- On the Single Sign-On Tab, download Allocadia's Single Sign-On (SSO) Metadata File to your computer by clicking the SAML Metadata button
- Upload your SSO Metadata by clicking the Choose & Upload File button
- Enter the Logout Redirect URL. This field is required and is the URL that users will be redirected to when logging out of Allocadia.
- Click the Enable Single Sign On checkbox to make Single Sign-On active in Allocadia.
- Users should be able to access Allocadia using the URL provided in the Initiate Single Sign On field.