Welcome to the Single Sign-On (SSO) configuration guide! This document provides a step-by-step process to configure your SSO platform (Identity Provider, or IdP) and connect it to Savant, your Service Provider (SP). Currently, Savant supports only the IdP-initiated SSO flow.
Features
Secure user authentication via IdP-initiated SSO.
Automatic user provisioning based on email addresses.
Integration with the SAML 2.0 protocol.
Requirements
To set up SSO integration, the following requirements must be met:
Access to your SSO platform (e.g., Okta, Azure AD).
SAML 2.0 configuration capabilities in your IdP.
Savant Integration ID (provided by Savant).
Basic understanding of SSO/SAML setup.
Configuration
Savant supports multiple SSO platforms for secure access, including the following:
Okta
Microsoft Azure
Step 1: Obtain Savant SAML Integration ID
Request the SAML Integration ID from Savant (e.g., integrationId=e771a42wtv). This ID will be used in the SP metadata URLs and the Assertion Consumer Service URL (ACS URL).
Step 2: Gather SP Metadata from Savant
Use the following URLs to access the SP metadata for configuration in your IdP:
US Region:
SP Entity ID: https://saml.savantlabs.io/saml2/service-provider-metadata/{integrationId}
ACS URL (SSO URL): https://saml.savantlabs.io/login/saml2/sso/{integrationId}
EU Region:
SP Entity ID: https://saml-eu.savantlabs.io/saml2/service-provider-metadata/{integrationId}
ACS URL (SSO URL): https://saml-eu.savantlabs.io/login/saml2/sso/{integrationId}
Step 3: Create a SAML 2.0 Application in Your IdP
Add Savant as a new SAML 2.0 application in your IdP (e.g., Okta, Microsoft Entra ID / Azure AD).
Provide the SP Entity ID and ACS URL obtained in Step 2.
Ensure the Name ID format is set to emailAddress.
Map the user attributes:
First Name: firstName
Last Name: lastName
Optional: Customize the application logo by using the following links:
Step 4: Configure SSO Settings in Your IdP
For Okta:
Log in to Okta and navigate to the Applications section.
Create a new application, choose SAML 2.0, and paste the SP Entity ID and ACS URL from Step 2.
Set the Name ID format to emailAddress.
Map the firstName and lastName attributes.
Complete the configuration and save the settings.
The screenshot below shows how to collect the Identity Provider Metadata URL in Okta.
For Azure AD (Microsoft Entra ID):
Navigate to Enterprise applications.
Select New application > Create your own application.
Name the application and choose Integrate any other application you don’t find in the gallery.
Select SAML-based Sign-On as the authentication method.
Use the SP metadata URLs from Step 2 to configure the Entity ID and ACS URL.
Ensure the Name ID format is emailAddress.
Save the application settings.
Step 5: Share IdP Metadata with Savant
Once the IdP is configured, obtain the IdP metadata URL from your IdP dashboard (e.g., from Okta or Azure AD).
Provide this metadata URL to the Savant team for further integration.
Step 6: User Access Configuration
In your IdP, configure the users or groups who have access to the Savant application.
For Okta:
Go to Assignments and assign the application to the relevant users or groups.
For Azure AD:
Navigate to Users and groups.
Assign the Savant app to the necessary users or groups.
Step 7: Test the SSO Integration
After Savant completes the integration, users can authenticate via IdP-initiated SSO:
Okta: Access via Okta User Home.
Azure AD: Access via My Apps Portal.
Alternatively, users can access the Savant app directly via the URL shared by the admin.
Troubleshooting
If you encounter issues during the SSO setup or authentication, follow these troubleshooting steps:
Ensure the SP metadata URL and ACS URL are correctly configured in your IdP.
Verify that the Name ID and other user attributes (like first and last name) are correctly mapped.
Ensure the appropriate users/groups have access to the Savant app in the IdP.
Ensure the IdP is correctly routing users to Savant via the ACS URL.
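The checks above can be run against a decoded SAML Response captured from a test login. The following Python script is an added example, not Savant's own validation code; it assumes the IdP populates Destination, Recipient and Audience as is usual for the HTTP-POST binding, and the function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
HOSTS = {"us": "saml.savantlabs.io", "eu": "saml-eu.savantlabs.io"}  # from Step 2

def sp_urls(integration_id, region="us"):
    """Build the (SP Entity ID, ACS URL) pair listed in Step 2."""
    base = f"https://{HOSTS[region]}"
    return (f"{base}/saml2/service-provider-metadata/{integration_id}",
            f"{base}/login/saml2/sso/{integration_id}")

def check_response(xml_text, integration_id, region="us"):
    """List mismatches with the guide's settings (no signature or expiry check)."""
    entity_id, acs = sp_urls(integration_id, region)
    root = ET.fromstring(xml_text)  # feed only your own captured test response
    problems = []
    if root.get("Destination") != acs:
        problems.append("Destination != ACS URL")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs:
        problems.append("Recipient != ACS URL")
    if root.findtext(".//a:Audience", namespaces=NS) != entity_id:
        problems.append("Audience != SP Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL:
        problems.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    mapped = {attr.get("Name") for attr in root.iterfind(".//a:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in ("firstName", "lastName") if n not in mapped]
    return problems

# Constructed sample (not a real capture): EU ACS URL used for a US integration,
# NameID left as "unspecified", and lastName never mapped.
ENTITY_US, ACS_EU = sp_urls("e771a42wtv", "us")[0], sp_urls("e771a42wtv", "eu")[1]
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_EU}">
 <saml:Assertion><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_EU}"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_US}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="firstName">
  <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE, "e771a42wtv", "us")))
```

An empty list means the response matches the settings from Steps 2 and 3; each string returned maps to one of the troubleshooting items above.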