Savant

Savant supports custom SSO for companies using identity services like Okta. ​ There are two types of SSO flow: IdP-initiated and SP-initiated.

In an IdP-initiated flow, the user logs in to the SSO platform first, then clicks the card for the Savant app, then lands on the landing page.

In an SP-initiated flow, the user goes to the Savant app login page first. Then the Savant app routes the user to the SSO platform. The routing is usually done by letting the user provide an email whose domain is bound to an IdP in Savant’s DB.

- In an IdP-initiated flow, the user logs in to the SSO platform first, then clicks the card for the Savant app, then lands on the landing page.
   
- In an SP-initiated flow, the user goes to the Savant app login page first. Then the Savant app routes the user to the SSO platform. The routing is usually done by letting the user provide an email whose domain is bound to an IdP in Savant’s DB.

Savant supports the IdP-initiated flow.

Note, once the Idp-initiated flow is set up, user access to the Savant app via direct URL (app.savantlabs.io) will not be allowed for your organization.

Please follow the step-by-step instructions below to configure your SSO application.

Step #1: Collect the required information from Savant

Reach out to your customer support representative to obtain a unique integration id (e.g. integrationId=e771a42wtv). You will need this id to construct the URLs needed in step #2.

Step #2: Build metadata URLs required to configure the SSO application

Build SP Entity ID URL by replacing {integrationId} with the integration id provided in step #1.

- US: <a href="https://saml.savantlabs.io/saml2/service-provider-metadata/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml.savantlabs.io/saml2/service-provider-metadata/{integrationId}</a>
- EU: <a href="https://saml-eu.savantlabs.io/saml2/service-provider-metadata/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml-eu.savantlabs.io/saml2/service-provider-metadata/{integrationId}</a>

Build Assertion Consumer Service URL ( also called the SSO URL) by replacing {integrationId} with the intrgration id provided in step #1.

- US: <a href="https://saml.savantlabs.io/login/saml2/sso/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml.savantlabs.io/login/saml2/sso/{integrationId}</a>
- EU: <a href="https://saml-eu.savantlabs.io/login/saml2/sso/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml-eu.savantlabs.io/login/saml2/sso/{integrationId}</a>

- Build SP Entity ID URL by replacing {integrationId} with the integration id provided in step #1.
 
 - US: <a href="https://saml.savantlabs.io/saml2/service-provider-metadata/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml.savantlabs.io/saml2/service-provider-metadata/{integrationId}</a>
 - EU: <a href="https://saml-eu.savantlabs.io/saml2/service-provider-metadata/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml-eu.savantlabs.io/saml2/service-provider-metadata/{integrationId}</a>
 
- Build Assertion Consumer Service URL ( also called the SSO URL) by replacing {integrationId} with the intrgration id provided in step #1.
 
 - US: <a href="https://saml.savantlabs.io/login/saml2/sso/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml.savantlabs.io/login/saml2/sso/{integrationId}</a>
 - EU: <a href="https://saml-eu.savantlabs.io/login/saml2/sso/{integrationId}" rel="nofollow noopener noreferrer" target="_blank">https://saml-eu.savantlabs.io/login/saml2/sso/{integrationId}</a>

Step #3: Create a SAML 2.0 application in your identity provider

Enter SP Entity ID and SSO URLs in the application configuration

If your application setup requires a logo, you can get it from this link:

- <a href="https://assets.savantlabs.io/brand/icon.png" rel="nofollow noopener noreferrer" target="_blank">https://assets.savantlabs.io/brand/icon.png</a>
- <a href="https://assets.savantlabs.io/brand/logo.png" rel="nofollow noopener noreferrer" target="_blank">https://assets.savantlabs.io/brand/logo.png</a>

The user ID from the SAML assertion must be an email address. Choose emailAddress as the Name ID format

Make sure to map the <code>firstName</code> and <code>lastName</code> attributes.

- Enter SP Entity ID and SSO URLs in the application configuration
 
- If your application setup requires a logo, you can get it from this link:
 - <a href="https://assets.savantlabs.io/brand/icon.png" rel="nofollow noopener noreferrer" target="_blank">https://assets.savantlabs.io/brand/icon.png</a>
 - <a href="https://assets.savantlabs.io/brand/logo.png" rel="nofollow noopener noreferrer" target="_blank">https://assets.savantlabs.io/brand/logo.png</a>
 
- The user ID from the SAML assertion must be an email address. Choose emailAddress as the Name ID format
 
- Make sure to map the <code>firstName</code> and <code>lastName</code> attributes.

 The below screenshot shows the  SMAL 2.0 application configuration using OKTA

Step #4: Send the SSO application Metadata URL to Savant

Obtain the Identity Provider Metadata URL for your SSO application from your identity provider

Send the URL to your Savant customer support representative.

Savant customer support will complete the SSO setup in Savant and notify you.

- Obtain the Identity Provider Metadata URL for your SSO application from your identity provider
   
- Send the URL to your Savant customer support representative.
   
- Savant customer support will complete the SSO setup in Savant and notify you.

 The below screenshot shows how to collect Identity Provider Metadata URL using OKTA

 Once you recieve a confirmation from your Savant representative, the SSO setup is complete and ready to use.

Configure SSO platform

Step #1: Collect the required information from Savant

Step #2: Build metadata URLs required to configure the SSO application

Step #3: Create a SAML 2.0 application in your identity provider

Step #4: Send the SSO application Metadata URL to Savant