SAML SSO Authentication

Note: If Okta is your identity provider (IdP), see Configuring SAML 2.0 for Okta.

We recommend not enforcing SAML authentication until you have verified that Anodot SAML Authentication has been set up correctly.

To enable SSO Authentication, the Admin user must be the account owner of the organization's single sign-on service provider.

To Enable Anodot SAML SSO

  1. Open Anodot.
  2. On the main Navigation panel, click Settings > Authentication to open the Authentication window.
  3. In the Authentication dialog box, click the SAML switch ON. The SAML dialog box is displayed.
  4. To enforce SAML single sign-on, click the For Admin users... check box.
    Note: By default, SSO is not enforced. Anodot recommends not enforcing SAML authentication until you have verified that Anodot SAML Authentication has been set up correctly. As long as Enforce is not enabled, Admin users can bypass SSO and, for example, access the system with their Anodot password if they are locked out.
  5. Keep the Single sign-on Configuration: SAML page open.
  6. Open your organization's Single sign-on Identity Provider.
  7. Copy the single sign-on Login URL and X.509 Certificate.
  8. Return to the Anodot Single sign-on Configuration: SAML page.
  9. Paste the single sign-on Login URL and X.509 Certificate into the corresponding Login URL and Certificate fields under Identity Provider Details.
  10. Copy Anodot's Service Provider Entity ID (issuer ID) and Assertion Consumer Services URL.
  11. Paste Anodot's Service Provider data into your single sign-on provider.
  12. Use a browser incognito window to test that the SAML configuration has been completed successfully. Either:
        • Log in using the Login URL on the SAML page, or
        • Go directly to https://app.anodot.com

Anodot Service Provider Details

  • Anodot supports the HTTP-POST binding for SAML2:
     urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
  • Anodot will specify urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the Format of the NameIDPolicy in Assertion Requests.
  • Assertions must be signed.
  • The digest algorithm used is: sha256
  • For more details about Anodot SP Metadata, click More Details.  
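
Before enabling Enforce, the response your IdP posts during the incognito test can be checked against the requirements listed above. The following is an added example, not Anodot's code: it takes the base64 SAMLResponse form field captured from the HTTP-POST and checks structure only, without verifying the signature cryptographically. It assumes the sha256 requirement applies to the digest of the assertion signature; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

def lint_saml_response(b64_response):
    """Return a list of findings; an empty list means the structural checks pass.
    Structure only: this does NOT verify the signature cryptographically."""
    # Parse only responses captured from your own IdP during testing.
    root = ET.fromstring(base64.b64decode(b64_response))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion, findings = assertions[0], []
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        findings.append("assertion is not signed")
    else:
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + assertion.get("ID", ""):
            findings.append("signature does not reference the assertion ID")
        digest = sig.find("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        if digest is None or digest.get("Algorithm") != SHA256_DIGEST:
            findings.append("digest algorithm is not sha256")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not emailAddress")
    return findings

def sample_response(signed=True, digest=SHA256_DIGEST, fmt=EMAIL_FORMAT):
    """Constructed sample response (placeholder values, no real signature)."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1">'
           '<ds:DigestMethod Algorithm="%s"/></ds:Reference></ds:SignedInfo>'
           '</ds:Signature>' % digest) if signed else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s">'
           '<saml:Assertion ID="_a1">%s<saml:Subject>'
           '<saml:NameID Format="%s">user@example.com</saml:NameID>'
           '</saml:Subject></saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], NS["ds"], sig, fmt))
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    print(lint_saml_response(sample_response()))
    print(lint_saml_response(sample_response(signed=False)))
```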

For more information, see Anodot Configuring SAML 2.0 for Okta and Okta - How to Configure SAML 2.0 for Okta.

 
