Note: If Okta is your identity provider, see Configuring SAML 2.0 for Okta.
The first Admin user is created by Anodot when a new account is created. The designated Admin user will receive a Welcome Email with a link and instructions on how to set up a password. After the initial setup, all new users are added to the Anodot system by Admin users.
We recommend not enforcing SAML authentication until you have verified that Anodot SAML Authentication has been set up correctly.
To enable SSO Authentication, the Admin user must be the account owner of the organization's single sign-on service provider.
To enable Anodot SAML SSO
- Open the Anodot application.
- Click the menu on the top taskbar to display the navigation side pane.
- Click Settings > Authentication. The Single Sign-on Configuration window is displayed.
- Click the SAML switch ON. The SAML dialog box is displayed.
- To enforce SAML single sign-on, click the For Admin users... check box.
- We recommend not enforcing SAML authentication until you have verified that Anodot SAML Authentication has been set up correctly. As long as Enforce is not enabled, Admin users can bypass SSO; for example, if they are locked out, they can still access the system using their Anodot password.
- The default is for SSO not to be enforced.
- Keep the Single sign-on Configuration: SAML page open.
- Open your organization's Single sign-on Identity Provider.
- Copy the single sign-on Login URL and X.509 Certificate.
- Return to the Anodot Single sign-on Configuration: SAML page.
- Paste the single sign-on Login URL and X.509 Certificate into the corresponding Login URL and Certificate fields under Identity Provider Details.
- Copy Anodot's Service Provider Entity ID (issuer ID) and Assertion Consumer Services URL.
- Paste Anodot's Service Provider data into your single sign-on provider.
- Use a browser incognito window to test that the SAML configuration has been completed successfully:
  - Either log in using the Login URL on the SAML page
  - Or go directly to https://app.anodot.com
Anodot Service Provider Details
- Anodot supports the HTTP-POST binding for SAML2:
- Anodot will specify urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the Format of the NameIDPolicy in Assertion Requests.
- Assertions must be signed.
- The digest algorithm used is: sha256
- For more details about Anodot SP Metadata, click More Details.
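Before enabling Enforce, the Service Provider requirements listed above can be checked against a SAMLResponse captured from the incognito test login. The following is an added example, not Anodot code: the function names and the sample response are constructed, and it assumes the listed sha256 digest applies to the assertion's signature reference. It checks structure only and does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

def preflight(saml_response_b64):
    """Structural checks on a base64 SAMLResponse form value (HTTP-POST binding).
    Returns a list of problems; it does NOT verify the signature itself."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element in the response"]
    problems = []
    ref = assertion.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        problems.append("assertion is not signed")
    else:
        # The signature must cover this assertion, not some other element.
        if ref.get("URI") != "#" + assertion.get("ID", ""):
            problems.append("signature does not reference the assertion ID")
        digest = ref.find("ds:DigestMethod", NS)
        algo = digest.get("Algorithm") if digest is not None else None
        if algo != SHA256_DIGEST:
            problems.append("digest algorithm is %s, expected sha256" % algo)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    return problems

def sample(signed=True, digest=SHA256_DIGEST, fmt=EMAIL_FORMAT):
    """Build a constructed (not real) SAMLResponse for the checks above."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#a1">'
           '<ds:DigestMethod Algorithm="%s"/></ds:Reference></ds:SignedInfo>'
           '</ds:Signature>' % (NS["ds"], digest)) if signed else ""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="%s"><saml:Assertion ID="a1">%s<saml:Subject>'
           '<saml:NameID Format="%s">admin@example.com</saml:NameID>'
           '</saml:Subject></saml:Assertion></samlp:Response>'
           % (NS["saml"], sig, fmt))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(preflight(sample()))              # constructed, well-formed sample
    print(preflight(sample(signed=False)))  # constructed, unsigned assertion
```

To check a real login, pass the value of the SAMLResponse form field from the browser's network trace to preflight().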