Use Avoma's SSO with Okta for streamlined access management and a unified login experience for your users
Introduction
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. SSO is based on a trust relationship set up between an application, known as the service provider (in this case Avoma), and an identity provider (IdP), like Okta, Azure AD, OneLogin, etc.
This help article documents the process of setting up SSO with Okta using the OpenID Connect (OIDC) protocol or the SAML 2.0 protocol for your Avoma account.
Disclaimer:
Please note that after SSO is enabled for your account, users will only be able to log in using SSO. Other authentication methods, such as Log in with Google/Microsoft, will no longer be functional.
While we recommend Okta OpenID Connect (OIDC) as the preferred authentication protocol for SSO with Avoma, we also support the SAML 2.0 authentication protocol.
You can choose either way to set up SSO.
Setting up SSO for Avoma with Okta OIDC
Setting up SSO for Avoma with Okta OIDC is a two-step process.
- Create an Avoma app in Okta with the OIDC option.
- Provide details to set up Okta OIDC in Avoma.
Step 1: Set up Avoma app in Okta
Prerequisite: You must be an admin in Okta to be able to set up the Avoma app in Okta for SSO.
- Log in to your Okta account > Admin > Applications section.
- Click on Create App Integration
- Select "OIDC" as the Sign-In Method and "Web Application" as the Application Type. Then click on the "Next" button.
- In the General settings, enter "Avoma (OIDC)" as the App integration name and select "Authorisation Code" as the grant type.
- In the Login section, enter "https://app.avoma.com/okta/oidc" in the Sign-in redirect URIs field and "https://app.avoma.com/login" in the Sign-out redirect URIs field.
- In the controlled access section, choose "Skip group assignment for now".
- Click Save. A custom OIDC Okta app will be created. Continue to configure the app and assign users to it.
- Make note of the Client credentials - Client ID and Client Secret.
- Go to the LOGIN section in the General tab.
- In the "Login initiated by" section, select "Either Okta or app".
- For Application Visibility, select "Display application icon to users".
- For Login flow, select "Redirect to app to initiate login (OIDC Compliant)".
- For Initiate login URI, enter: https://app.avoma.com/oidc/login
- Click Save.
- Click the Sign On tab and go to the OpenID Connect ID Token section.
- For the Issuer URL, select Okta URL. Make a note of it. The URL usually appears in the following format: https://<companyname>.okta.com.
- Now go to the Assignments tab and assign the app users and/or groups that should have access to Avoma.
Step 2: Set up Okta OIDC in Avoma
Currently, Avoma sets up SSO on your behalf for your organization. Please contact Avoma Support or your Customer Success Manager and provide the following details:
- Client ID
- Client Secret
- Issuer URL
Once Avoma has configured SSO for you, you will receive a confirmation. Avoma will also terminate the existing sessions for all your users so that they log in again using SSO.
Your users can then start using the SSO option on the Avoma login screen to access their accounts.
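Before sending the Client ID, Client Secret and Issuer URL to Avoma, the values from Step 1 can be checked for consistency. The following is an added example, not Avoma's or Okta's own code: the `app` dictionary layout, the function name and the sample tenant `example.okta.com` are assumptions, and the discovery document is constructed sample data standing in for the JSON served at `<Issuer URL>/.well-known/openid-configuration`.

```python
from urllib.parse import urlsplit

# Values this article's Step 1 tells you to enter in the Okta app integration.
EXPECTED_APP = {
    "sign_in_redirect_uris": ["https://app.avoma.com/okta/oidc"],
    "sign_out_redirect_uris": ["https://app.avoma.com/login"],
    "initiate_login_uri": "https://app.avoma.com/oidc/login",
    "grant_types": ["authorization_code"],
}

def audit_oidc(app, issuer, discovery):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    iss = urlsplit(issuer)
    if iss.scheme != "https" or not iss.hostname:
        findings.append("issuer is not an https URL")
    if iss.path.strip("/") or iss.query or iss.fragment:
        findings.append("issuer has a path/query/fragment; the article expects the Okta URL")
    # OIDC Discovery: the document's 'issuer' must equal the configured issuer exactly.
    if discovery.get("issuer") != issuer:
        findings.append("discovery 'issuer' does not match the Issuer URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        ep = urlsplit(discovery.get(key, ""))
        if ep.scheme != "https" or ep.hostname != iss.hostname:
            findings.append(f"{key} is missing, not https, or on another host")
    if "authorization_code" not in discovery.get("grant_types_supported", []):
        findings.append("issuer does not advertise the authorization_code grant")
    for field, expected in EXPECTED_APP.items():
        if app.get(field) != expected:
            findings.append(f"{field} is {app.get(field)!r}, expected {expected!r}")
    return findings

# Constructed sample data; the tenant name 'example' is a placeholder.
OIDC_ISSUER = "https://example.okta.com"
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "grant_types_supported": ["authorization_code", "refresh_token"],
}
SAMPLE_APP = dict(EXPECTED_APP)

if __name__ == "__main__":
    for finding in audit_oidc(SAMPLE_APP, OIDC_ISSUER, SAMPLE_DISCOVERY) or ["OK"]:
        print(finding)
```

A trailing slash on the Issuer URL is reported as a mismatch, because the issuer comparison is an exact string match.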
Setting up SSO with Okta SAML 2.0
Setting up SSO for Avoma with Okta SAML is a two-step process.
- Create an Avoma app in Okta with the SAML 2.0 option.
- Provide details to set up Okta SAML SSO in Avoma.
Step 1: Create an Avoma app in Okta with SAML 2.0 option
Prerequisite: You must be an admin in Okta to be able to set up the Avoma app in Okta for SSO.
- Log in to your Okta account > Admin > Applications section.
- Click on Create App Integration
- Select "SAML 2.0" as the Sign-In Method and "Web Application" as the Application Type. Then click on the "Next" button.
- Enter the App Name on the next screen and hit Next.
- In the SAML settings section, enter "https://prod-api.avoma.com/saml2/acs" in the Single sign-on URL and enable the checkbox. In the Audience URI and Default Relay state, enter "https://app.avoma.com".
- Select "Email Address" for the Name ID format, "Email" for Application User Name and "Create and Update" for Update Application Username on setting.
- In the Attribute Statements section, enter values as shown below.
- Scroll down to click Next. Select "It's required to contact vendor to enable SAML" and click Finish.
- Your SAML app creation is complete. You will be shown a screen with details about the Metadata URL and Issuer. Copy the Metadata URL and Issuer.
- Now go to the Assignments tab and assign the app users and/or groups that should have access to Avoma.
Step 2: Provide details to set up Okta SAML SSO in Avoma
Currently, Avoma sets up SSO on your behalf for your organization. Please contact Avoma Support or your Customer Success Manager and provide the following details:
- Metadata URL copied in Step 1
- Issuer copied in Step 1
Your users can then start using the SSO option on the Avoma login screen to access their accounts.
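Before handing over the Metadata URL and Issuer, the metadata document can be checked against the Issuer copied in Step 1, and the signing certificate fingerprint recorded for later comparison. This is an added example, not Avoma's or Okta's own code: the function name is an assumption, and the metadata, app ID `exkEXAMPLE`, tenant and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def audit_idp_metadata(xml_text, issuer):
    """Summarise IdP metadata and list findings (empty list = consistent)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    findings = []
    if root.get("entityID") != issuer:
        findings.append("entityID does not match the Issuer copied from Okta")
    if idp is None:
        return {"findings": findings + ["no IDPSSODescriptor element"]}
    sso = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    if not sso or any(not u.startswith("https://") for u in sso):
        findings.append("SingleSignOnService is missing or not https")
    formats = [(e.text or "").strip() for e in idp.findall("md:NameIDFormat", NS)]
    if EMAIL_FORMAT not in formats:  # Step 1 selects "Email Address" as Name ID format
        findings.append("emailAddress NameID format is not advertised")
    certs = [c for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS)
             for c in kd.findall(".//ds:X509Certificate", NS)]
    if not certs:
        findings.append("no signing certificate in metadata")
    # SHA-256 over the decoded bytes: the value to record and compare after rotations.
    prints = [hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for c in certs]
    return {"sso_urls": sso, "cert_sha256": prints, "findings": findings}

# Constructed sample: placeholder tenant, app ID and certificate bytes.
SAML_ISSUER = "http://www.okta.com/exkEXAMPLE"
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="{SAML_ISSUER}">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(audit_idp_metadata(SAMPLE_METADATA, SAML_ISSUER))
```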