This article will walk you through how to set up SSO for Intricately using the SAML 2.0 protocol.
Prerequisites
- You must be an Enterprise customer
- You must have access to SSO enabled for your plan. Contact us to get this set up!
- You must be a Team Admin.
- You must have an existing Identity Provider (IdP)
Configuration Steps
Step 1 - Select Your SSO Protocol
- Log in to your Intricately account.
- Navigate to the user menu in the top right and select SSO Configuration.
- Select SAML 2.0 as your SSO Protocol.
- Once you've selected a protocol, the SSO Configuration form will update to walk you through the rest of the relevant steps.
Step 2 - Get Your Single Sign-On URL and Audience URI
First, copy and save the Intricately information you'll need to provide to your Identity Provider (IdP).
-
In the SSO Configuration form, copy and save the Single Sign-On URL:
- Copy and save the Audience URI:
You'll need these in the next step.
Step 3 - Configure Settings in Your IdP
-
Log in to your Identity Provider (IdP).
-
Enter the Single Sign-On URL and the Audience URI you copied from the previous step. The exact appearance of the input form may vary based on your IdP.
- You will need to set up your SAML configuration and add an Attribute Statement. The attribute name should be email, the name format could be Unspecified and the value should be the variable in your IdP that relates to the user email.
-
Configure your desired SAML 2.0 SSO behavior based on your IdP's process.
Step 4 - Get Your IdP XML Metadata
-
Still within your IdP, generate the SAML 2.0 IdP Metadata XML. The exact values will vary based on your settings, but the XML should look similar to this:
- Now, log back in to Intricately and open the SSO Configuration page. Paste the Metadata XML text into the configuration form.
- Click SAVE CONFIGURATION. This will save the values you input-- without activating SSO for the team yet.
Step 5 - Set User Permissions
When SSO is enabled, you'll control who can access Intricately from your IdP. It's important to provision access before you activate SSO, to ensure that your team will be able to log in once SSO is active and required.
-
In your IdP, provision access to the users or user groups you want to allow to authenticate to Intricately. The exact steps may vary based on your provider.
-
Save this configuration and return to Intricately.
Step 6 - Activate SSO
-
Ensure that you've completed all the setup steps above, including provisioning access to users.
- Confirm that you're ready to activate SSO. Once you activate:
- All users on the team will automatically be logged out of Intricately
- Authentication via social login (Google, Salesforce, or LinkedIn) will be disabled for your team
- All users will be required to authenticate to Intricately via SSO
-
Once you're sure you're ready to activate SSO, click the SSO Authentication toggle to turn it on:
Step 7 - Validate SSO
Test your configuration via the Intricately login process.
-
Ensure you are logged out. Then return to the Intricately web application through this link: https://my.intricately.com/login?sso=true.
-
-
Enter your work email and hit Submit.
-
The web page will redirect to your IdP Org login page, if you don’t have an active IdP session in your browser. You can enter your IdP credentials and you will be redirected and signed in to Intricately Application.
-
If you have an active IdP session in your browser, then you will be seamlessly logged in to Intricately Application.
-
Test your configuration through your IdP console:
-
Login to your IdP and go to the list of available applications.
-
Click on Intricately app to automatically login to Intricately Application.
You've now successfully set up SSO for Intricately!
Comments
0 comments
Please sign in to leave a comment.