Setting up Single Sign-on (SSO)

Step by step guide on how to set up SSO for your organization's OpenEnvoy workspace

 

• Introduction
• Setting Up SSO
• OpenEnvoy Service Information
• Attributes Mapping
• Metadata File
• Guidelines for SSO Setup
• SAML with G Suite
• Azure

Introduction

Large enterprises use a number of services with a large number of end-users. It is almost impossible to manage hundreds, thousands, or tens of thousands of users across tens or hundreds of different applications. Due to this, enterprises have been utilizing Single Sign-On to manage the provisioning, de-provisioning, and providing permissions to accounts throughout the years. 

There are several standards that will allow your organization to manage users in a single directory. The leading standard is SAML.

OpenEnvoy has a generic SAML 2.0 implementation that supports Single-Sign-On through many other integrated vendors. While the integration steps may vary slightly in each case, these are the general guidelines for SAML integration.

Setting up SSO for OpenEnvoy

You will need to register OpenEnvoy as a service in your system. After registering the OpenEnvoy app, please share the SAML metadata file with your CSM or support@openenvoy.com.

OpenEnvoy Service Information

When configuring the SSO app as the service, you will need the below links to register OpenEnvoy in your Single Sign-On instance:

• Service URL: https://auth.openenvoy.io/saml2/idpresponse
• Entity Identifier: urn:amazon:cognito:sp:us-west-2_S2UwpguT2

Attributes Mapping

OpenEnvoy expects SSO to provide the following attributes for every user, which is basic information for users to sign into the OpenEnvoy application:

• primary_email
• first_name
• last_name

Metadata File

After the OpenEnvoy application is configured with the above information, your IT admin will need to send us the SAML Metadata file. This file has two pieces of information:

• Sign-on/SAML URL
• x.509 Certificate or Formatted Fingerprint

Please send either the XML metadata file or the document link to your CSM or support@openenvoy.com.

Guides for SSO Setup

We support most of the popular SSO options out there including:

• OneLogin
• Okta
• Active Directory Federation Services
• Azure Active Directory

SAML with G Suite

Google G Suite for businesses now supports SAML 2.0 Single-Sign-On (SSO).

To implement this, please visit: Set up your own custom SAML application

Azure

• Understand SAML-based single sign-on (SSO) for apps in Azure Active Directory
• Quickstart: View the list of applications that are using your Azure Active Directory (Azure AD) tenant for identity management