Single Sign-On (SSO) using Security Assertion Markup Language (SAML) allows users to authenticate once and gain secure access to multiple applications. This guide provides step-by-step instructions for setting up SAML SSO within the Ideally platform, ensuring seamless and secure access for your organisation.
Step 1: Add a Domain
Log in to your Ideally Admin account.
Navigate to Manage Your Organisation and select Security from the side menu.
Click on the + Add Domain button.
Enter the domain you wish to associate with the SSO configuration. This is the domain part of your users' email addresses (the part after the @ in their work addresses, e.g., your company's domain name); only users whose email address belongs to a confirmed domain should be expected to sign in through this configuration.
Step 2: Validate Your Domain
After adding the domain, you will be prompted to validate it.
Ideally will provide a TXT record that needs to be added to your DNS provider’s settings.
Copy the TXT record provided (e.g., ideally-domain-verification=…).
Log in to your DNS provider’s portal and navigate to the DNS settings for your domain.
Add a new TXT record using the information provided by Ideally.
DNS changes can take time to propagate. Confirm the record is visible from a public resolver (for example with dig TXT yourdomain) before returning to the Ideally platform and clicking the Validate button.
Once validated, the domain status changes from unconfirmed to confirmed. Leave the TXT record in place afterwards in case domain ownership is re-checked later.
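The propagation check before clicking Validate can be scripted. The following is an added example, not Ideally's code: it runs dig against several public resolvers (the resolver list is an assumption) and parses the +short TXT output, joining multi-segment records and requiring an exact match on the verification token so that a stale or partially pasted value is caught. The token and records used in its usage are constructed.

```python
"""Check that the Ideally domain-verification TXT record is visible from several
public resolvers before clicking Validate.

Added example, not Ideally's code. Assumes `dig` (BIND utilities) is on PATH;
the resolver list below is an assumption and the sample records are constructed.
"""
import subprocess
import sys
from typing import Dict, List

RESOLVERS = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]  # assumption: any public resolvers will do


def parse_dig_txt(output: str) -> List[str]:
    """Turn `dig +short TXT` output into a list of record strings.

    dig prints each TXT record on one line as one or more double-quoted
    character strings, e.g. "part1" "part2"; the segments of a record are
    concatenated. Comment and empty lines are skipped. Only the \\" and \\\\
    escapes that dig emits inside a quoted string are handled.
    """
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        segments, buf, in_quote, i = [], [], False, 0
        while i < len(line):
            ch = line[i]
            if ch == "\\" and in_quote and i + 1 < len(line):
                buf.append(line[i + 1])  # escaped character taken literally
                i += 2
                continue
            if ch == '"':
                if in_quote:
                    segments.append("".join(buf))
                    buf = []
                in_quote = not in_quote
            elif in_quote:
                buf.append(ch)
            i += 1
        if segments:
            records.append("".join(segments))
    return records


def token_present(records: List[str], token: str) -> bool:
    """True if one record equals the verification token exactly (no substring
    match, so a truncated or stale token is reported as missing)."""
    return any(r == token for r in records)


def query_txt(domain: str, resolver: str) -> str:
    """Run dig against a single resolver and return its raw +short output."""
    proc = subprocess.run(
        ["dig", "+short", "+time=3", "+tries=1", f"@{resolver}", "TXT", domain],
        capture_output=True, text=True, check=False,
    )
    return proc.stdout


def check_propagation(domain: str, token: str, resolvers=RESOLVERS) -> Dict[str, bool]:
    """Map each resolver to whether it already serves the exact token."""
    return {r: token_present(parse_dig_txt(query_txt(domain, r)), token) for r in resolvers}


if __name__ == "__main__":
    # usage: python check_txt.py example.com 'ideally-domain-verification=<token>'
    domain, token = sys.argv[1], sys.argv[2]
    results = check_propagation(domain, token)
    for resolver, ok in results.items():
        print(f"{resolver}: {'found' if ok else 'missing'}")
    sys.exit(0 if all(results.values()) else 1)
```

Click Validate only once every resolver reports the token; a record that is visible from one resolver but not another is still propagating.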
Step 3: Configure the SAML Settings
Friendly Name: Provide a name to describe your SAML connection.
Default Role: Select the role that newly provisioned users will be assigned. Because JIT provisioning (Step 4) creates an account for anyone your identity provider authenticates to this application, choose the least-privileged role that lets people work and grant administrative rights individually afterwards.
Entity ID: Enter the Entity ID for this SAML connection. Entity IDs are URIs and are compared as exact strings; they are often URNs rather than HTTPS URLs (the example urn:amazon:cognito:sp:ap-southeast-2_xlcAfG2ZD follows the pattern Amazon Cognito uses for a service-provider Entity ID). Copy the value exactly rather than retyping it, since a differing scheme or trailing slash causes the assertion to be rejected.
ACS URL (Assertion Consumer Service URL): Enter the ACS URL provided by Ideally. This is the endpoint to which your identity provider POSTs SAML responses after a user authenticates, typically https://auth.goideally.com/saml2/idpresponse; register it in the identity provider's SAML application as the ACS (reply) URL exactly as shown.
Metadata: Choose between supplying the identity provider's metadata by URL or by uploading its XML file. Prefer the URL where your identity provider publishes one (it must be served over HTTPS), because the metadata and the IdP signing certificate it contains can then be re-fetched rather than re-uploaded; an uploaded XML file has to be replaced whenever the identity provider rotates its certificate.
Step 4: User Provisioning
Just-In-Time (JIT) Provisioning: Ensure that JIT provisioning is enabled. This feature automatically provisions a user account the first time someone logs in using SSO, based on the attributes sent by the identity provider. This also means access is decided on the identity provider side: anyone the IdP allows to use the Ideally SAML application gets an account on first login, so restrict the application's assignment in the IdP to the intended users or groups.
Map the following user attributes:
First Name: first_name (Required)
Last Name: last_name (Required)
The email address asserted by the identity provider must match the address used in your organisation's identity provider exactly and belong to one of the domains confirmed in Step 2.
Step 5: Enable and Test SSO
After configuring the SAML settings, toggle the Enable switch to activate SSO for your organisation.
Test the SSO configuration by logging in as an ordinary (non-admin) test user, preferably in a private browser window, while keeping your existing admin session open in another browser so that a misconfiguration cannot lock you out. Confirm that the identity provider sends a SAML assertion for the user, that Ideally accepts it, and that the JIT-provisioned account has the expected name, email address and default role.
Step 6: Troubleshooting and Finalisation
If users cannot log in, review the SAML response: capture the SAMLResponse parameter of the POST to the ACS URL in the browser's developer tools, base64-decode it and compare the Issuer, Destination and Audience values with the Entity ID and ACS URL you configured. The most common causes are a mistyped or out-of-date Entity ID, an ACS URL that differs from the one registered in the identity provider, stale metadata after the identity provider rotated its signing certificate, and attribute names that do not match first_name and last_name exactly.
Once everything is confirmed to be functioning correctly, document the SSO setup and communicate this with your IT and support teams.
Regularly review and update the SSO settings to reflect changes in your organisation's identity management system, in particular rotations of the identity provider's signing certificate, which break sign-in until the metadata held by Ideally is refreshed.
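The decode-and-compare step from the troubleshooting advice above, as an added example that is not Ideally's code. It decodes a captured SAMLResponse and reports every mismatch against the values from Steps 2 to 4 (Issuer, Destination, Audience, Recipient, NameID domain, required first_name and last_name attributes, and whether a Signature element is present at all). The ACS URL and SP Entity ID are the ones this guide shows; the identity-provider Entity ID, the user and the embedded sample response are constructed. It does not verify the XML signature, which needs an XML-DSig library.

```python
"""Decode a SAMLResponse captured from the browser and check the fields that
most often break an Ideally SSO login.

Added example, not Ideally's code. The ACS URL and SP Entity ID are from the
guide; the IdP Entity ID, user and sample response are constructed. Signature
validity is NOT checked here (that needs an XML-DSig library).
"""
import base64
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


@dataclass
class Expectations:
    idp_entity_id: str            # Issuer the identity provider must send
    sp_entity_id: str             # Audience the assertion must be addressed to
    acs_url: str                  # Destination of the Response / Recipient in the assertion
    confirmed_domains: List[str]  # domains confirmed in Step 2
    required_attributes: List[str] = field(default_factory=lambda: ["first_name", "last_name"])


def decode_saml_response(raw_b64: str) -> ET.Element:
    """The POST binding carries the Response as base64-encoded XML."""
    return ET.fromstring(base64.b64decode(raw_b64))


def inspect_response(root: ET.Element, exp: Expectations) -> List[str]:
    """Return a list of mismatches; an empty list means every check passed."""
    problems = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or not code.get("Value", "").endswith(":Success"):
        problems.append("Status is not Success")
    if root.get("Destination") != exp.acs_url:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL {exp.acs_url!r}")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != exp.idp_entity_id:
        problems.append(f"Issuer {issuer!r} != IdP Entity ID {exp.idp_entity_id!r}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plain Assertion (encrypted assertions are not handled here)")
        return problems
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither the Response nor the Assertion carries a Signature")
    aud = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience",
                             default="", namespaces=NS)
    if aud != exp.sp_entity_id:
        problems.append(f"Audience {aud!r} != SP Entity ID {exp.sp_entity_id!r}")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("Recipient") not in (None, exp.acs_url):
        problems.append(f"Recipient {scd.get('Recipient')!r} != ACS URL {exp.acs_url!r}")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    domain = name_id.rpartition("@")[2].lower()
    if domain not in {d.lower() for d in exp.confirmed_domains}:
        problems.append(f"NameID domain {domain!r} is not a confirmed domain")
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in exp.required_attributes:
        if not any(v.strip() for v in attrs.get(name, [])):
            problems.append(f"required attribute {name!r} missing or empty")
    return problems


# Constructed sample response: a successful login for jane.doe@example.com.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
 Destination="https://auth.goideally.com/saml2/idpresponse">
 <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <ds:Signature><ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://auth.goideally.com/saml2/idpresponse"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>urn:amazon:cognito:sp:ap-southeast-2_xlcAfG2ZD</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_SAMLRESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()
EXPECTED = Expectations(idp_entity_id="https://idp.example.com/metadata",  # constructed
                        sp_entity_id="urn:amazon:cognito:sp:ap-southeast-2_xlcAfG2ZD",
                        acs_url="https://auth.goideally.com/saml2/idpresponse",
                        confirmed_domains=["example.com"])

if __name__ == "__main__":
    # usage: paste the captured SAMLResponse on stdin with "-", or run with no args for the sample
    raw = sys.stdin.read().strip() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_SAMLRESPONSE
    for p in inspect_response(decode_saml_response(raw), EXPECTED) or ["all checks passed"]:
        print(p)
```

Edit the Expectations to your own Entity IDs, ACS URL and confirmed domains; each reported line maps directly to one of the common causes listed in Step 6. An empty report only means the addressing and attributes are right; a response that fails signature validation in Ideally will still need the IdP certificate in the metadata checked.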