Note: If Okta is your identity provider (IdP), see Configuring SAML 2.0 for Okta.
The first Admin user is created by Anodot when a new account is created. The designated Admin user receives a Welcome Email with a link and instructions on how to set up a password. After the initial setup, all new users are added to the Anodot system by Admin users.
We recommend that you do not enforce SAML authentication until you have verified that Anodot SAML Authentication has been set up correctly.
To enable SSO Authentication, the Admin user must be the account owner of the organization's single sign-on service provider.
To enable Anodot SAML SSO
- Open the Anodot application.
- Click the Settings Icon in the Main Anodot window.
- Select Authentication from the drop-down menu. The Single sign-on Configuration: SAML page is displayed.
Note: If the SAML form is not displayed, click the SAML toggle button.
- In the Enforce section:
Enable to enforce SAML SSO authentication only. The Admin password is ignored.
If Enforce is not enabled, Admin users can bypass SSO; for example, if they are locked out, they can still access the system by using their Anodot password.
The default is for SSO not to be enforced.
- Keep the Single sign-on Configuration: SAML page open.
- Open your organization's Single sign-on Identity Provider.
- Copy the single sign-on Login URL and X.509 Certificate.
- Return to the Anodot Single sign-on Configuration: SAML page.
- Paste the single sign-on Login URL and X.509 Certificate into the corresponding Login URL and Certificate fields under Identity Provider Details.
- Copy Anodot's Service Provider Entity ID (issuer ID) and Assertion Consumer Services URL.
- Paste Anodot's Service Provider data into your single sign-on provider.
- Use a browser incognito window to test that the SAML configuration has been completed successfully.
Either log in using the Login URL on the SAML page,
or go directly to https://app.anodot.com.
Anodot Service Provider Details
- Anodot supports the HTTP-POST binding for SAML2.
- Anodot will specify urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the Format of the NameIDPolicy in Assertion Requests.
- Assertions must be signed.
- The digest algorithm used is: sha256
- For more details about Anodot SP Metadata, click More Details.
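The following added example (not Anodot code) is a pre-flight check an Admin could run on the `SAMLResponse` form value captured during the incognito test, to confirm the identity provider meets the requirements listed above. It assumes the sha256 requirement applies to the digest inside the assertion's signature; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:"
NS = {"samlp": SAML + "protocol", "saml": SAML + "assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

def check_saml_response(b64_response):
    """List problems in a base64 HTTP-POST SAMLResponse value (structure only)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in the response"]
    problems = []
    # The signature must sit inside the Assertion, not only on the outer Response.
    signature = assertion.find("ds:Signature", NS)
    if signature is None:
        problems.append("assertion is not signed")
    else:
        algs = [d.get("Algorithm") for d in signature.iter("{%s}DigestMethod" % NS["ds"])]
        if not algs or any(a != SHA256_DIGEST for a in algs):
            problems.append("digest algorithm is not sha256: %s" % algs)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in the assertion subject")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %s" % name_id.get("Format"))
    return problems

def build_sample(digest=SHA256_DIGEST, name_format=EMAIL_FORMAT, signed=True):
    """Constructed sample response with placeholder values, not a real IdP capture."""
    sig = ""
    if signed:
        sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#a1">'
               '<ds:DigestMethod Algorithm="%s"/><ds:DigestValue>PLACEHOLDER</ds:DigestValue>'
               '</ds:Reference></ds:SignedInfo><ds:SignatureValue>PLACEHOLDER'
               '</ds:SignatureValue></ds:Signature>' % (NS["ds"], digest))
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion ID="a1">'
           '<saml:Issuer>https://idp.example.com</saml:Issuer>%s<saml:Subject>'
           '<saml:NameID Format="%s">user@example.com</saml:NameID>'
           '</saml:Subject></saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], sig, name_format))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(build_sample(signed=False)))
```

The check is structural only: it does not validate the signature against the X.509 certificate, which remains the service provider's job.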