Note: If Okta is your IP service provider, see Configuring SAML 2.0 for Okta.
We recommend not to enforce SAML authentication until after verifying that Anodot SAML Authentication has been set up correctly.
To enable SSO Authentication, the Admin user must be the account owner of the organization's single sign-on service provider.
To Enable Anodot SAML SSO
- Open Anodot.
- On the main Navigation panel, click Settings > Authentication to open the Authentication window.
- In the Authentication dialog box, click the SAML switch ON . The SAML dialog box is displayed.
- To enforce SAML single sign-on, click the For Admin users... check box.
Note: The default is for SSO not to be enforced.. Anodot recommends not to enforce SAML authentication until after verifying that Anodot SAML Authentication has been set up correctly. As long as Enforce is not enabled, Admin users can by-pass SSO and, for example, if locked out can access the system using their Anodot password.
- Keep the Single sign-on Configuration: SAML page open.
- Open your organization's Single sign-on Identity Provider.
- Copy the single sign-on Login URL and 509 Certificate.
- Return to the Anodot Single sign-on Configuration: SAML page.
- Paste the single sign-on login URL and 509 Certificate in the Identity Provider Details in the corresponding Login URL and Certificate fields.
- Copy Anodot's Service Provider Entity ID (issuer ID) and Assertion Consumer Services URL.
- Paste Anodot's Service Provider data into your single sign-on provider.
- Use a browser incognito window to test that the SAML configuration has been completed successfully.
Either Login using the Login URL on the SAML page
Or go directly to https://app.anodot.com
Anodot Service Provider Details
- Anodot supports the HTTP-POST binding for SAML2:
- Anodot requires the NameID Policy in Assertion Requests to be in email format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Assertions must be signed.
- The digest algorithm used is: sha256
- For details about Anodot SP Metadata, click the More Details link (see screenshot above)