Set up SSO Configuration for SAML
Simplify login for your users with SSO and set up the SSO configuration. In this guide, we will show you how to set up SAML.
1
Go to Administration → SSO and Import Configurations and click Create.
2
Enter a Title and a Prefix. The prefix must be unique and must not contain any spaces (e.g. “internal”).
3
Select Configuration type “SAML” and switch to the Configuration tab.
4
Under Load metadata, add the IDP Metadata URL. You will receive this from your IT department.
- Example: https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/federationmetadata/2007-06/federationmetadata.xml?appid=11111111-2222-3333-4444-555555555555
5
Click the Load metadata button and check the Automatically update configuration box.
6
Save.
Depending on the IDP, further configurations are required. Here we show an example for EntraID.Example of an SSO configuration with EntraID
1
Edit the configuration for SAML by clicking on the title.
2
Go to Configuration in the Namespaces section.
3
Since EntraID works with empty namespaces, these must be adjusted in the configuration. Therefore, enter a space for Assertion and DSig.
4
Depending on the application, a user is identified differently in Avendoo. The following options are available:
- Check NameID against login
- Check free attribute against login
- Check free attribute against IDPUserID
Note: If the check via NameID is not to be used, we recommend changing the identifier in the NameID tag on the Tags tab.
Prerequisites
- Author account with the permission Administration: Change, create SSO and import configurations
- Your IT department needs the Avendoo Metadata URL. This is structured as follows: https://DOMAIN/l/samlLogin/sp-metadata?sso=PREFIX (e.g. https://academy.avendoo.de/l/samlLogin/sp-metadata?sso=internal)