Okta
1. SAML Config Provided by Alloy
For basic SAML Configuration, complete the fields as indicated below.
- Single sign on URL: [https://app.alloy.co/sso/saml/?acs](https://alloy.co/sso/saml/?acs)
- Audience URI (also called "SP Entity ID" / "Service Provider Entity ID"): AlloyIAV
- Default RelayState: Leave field blank
- Name ID format: Unspecified is fine.

2. Attribute Statements
It is critical to configure the Identity Provider to map the user's email address, first name, last name, and phone number to attributes with these exact names (case sensitive):
(Please note: the Value field may vary depending on the Identity Provider. Those shown below are sample values using Okta as reference.)
- Email: User's email address - in Okta: user.email
- firstName: User's first name - in Okta: user.firstName
- lastName: User's last name - in Okta: user.lastName
- phone: User's phone number - in Okta: user.mobilePhone
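
Because the attribute names are case sensitive, it helps to check a test assertion before handing the integration over. The script below is an added example, not Alloy's or Okta's code: it inspects a decoded SAML assertion for the Audience URI and the four attribute names listed above. The sample assertion is constructed, exact-match comparison of the audience is an assumption, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("Email", "firstName", "lastName", "phone")  # exact names from this page
AUDIENCE = "AlloyIAV"  # Audience URI / SP Entity ID from this page

# Constructed sample: "email" has the wrong case and "phone" is not mapped.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>AlloyIAV</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>a.user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of problems found in a decoded assertion from your own IdP."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:  # assumption: audience must match exactly
        problems.append(f"audience is {audiences}, expected {AUDIENCE!r}")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name") or ""] = (val.text or "").strip() if val is not None else ""
    by_lower = {name.lower(): name for name in values}
    for name in REQUIRED:
        if name in values:
            if not values[name]:
                problems.append(f"attribute {name!r} is present but empty")
        elif name.lower() in by_lower:
            found = by_lower[name.lower()]
            problems.append(f"attribute {found!r} must be spelled {name!r} (case sensitive)")
        else:
            problems.append(f"attribute {name!r} is missing")
    return problems

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print(problem)
```
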

3. Providing IdP Metadata to Alloy
Once you have completed all the SAML fields and created an integration for Alloy, you will need to extract the Identity Provider Metadata XML document which has the configured SAML fields so that we can securely verify login requests coming from your identity provider. Once downloaded, you can send our Support team this XML file, and we will extract the information we need to enable SAML-based authentication for your organization.

The IdP metadata fields as shown in Okta.
4. Configuring a Default Role
Before you can use SAML, you MUST configure a default role for your users in the Alloy settings. This role will determine the permissions that your user has when they first log in.
The first time a user logs in using SAML SSO, they will be added to the Alloy system as an "Agent", and will be given this default role. Agents with Admin permission can then go in and assign them a different role, if they need additional privileges.
1. Be sure that you have Admin permission in Alloy, and log in to your dashboard.
2. Navigate to Settings in the sidebar, and then select Roles from the list.
3. On the Roles page, you should see a list of roles. By default these include "Admin" and "User," but your organization may have configured different ones.
4. Select the role that you want to designate as the default for new SAML users. Click the icon with a pencil to edit the role. (You could also create a new role first, by filling out the form at the top and clicking "Save.")

   You do not want to select the Admin role, unless you want all your users to have full control over your data and settings in Alloy.
5. Check the box labeled "Designate this role as the organizational default for new users," and apply your changes by clicking "Save."
6. You have now set a default user role for your org, and are ready to use SAML! Notice the addition of the "Default Role" label that will tell you your default role, when you return to this page in the future.
