Envoy

<a href="#enabling-saml-for-envoy">Enabling SAML for Envoy</a>

<a href="#configuring-saml-for-common-idps">Configuring SAML for common IdPs</a>

- <a href="#enabling-saml-for-envoy">Enabling SAML for Envoy</a> 
- <a href="#configuring-saml-for-common-idps">Configuring SAML for common IdPs</a>

To learn more about the benefits of using single sign-on, please read our <a href="https://envoy.help/en/articles/3450158-about-saml/" rel="nofollow noopener noreferrer" target="_blank">About SAML</a> article.

Go to <a href="https://dashboard.envoy.com/apps/directory-and-sso" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO.</a>

Select "Directory Settings" if you have not previously installed a directory app.

Enter the fingerprint from your IdP in the Fingerprint field.

1. Go to <a href="https://dashboard.envoy.com/apps/directory-and-sso" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO.</a>
2. Select "Directory Settings" if you have not previously installed a directory app.
3. Locate SAML and click “Install”.
4. Enter the fingerprint from your IdP in the Fingerprint field.

Tip: If you'd like to configure SAML as required, we recommend first setting up SAML as optional and testing with a small group of users. Once you're sure SAML is working properly for your users, switch it to required.

Go to <a href="https://dashboard.envoy.com/employees/integrations" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO</a>.

Locate SAML and click “Configure”.

Enter your IdP HTTP SAML URL in the Identity Provider HTTP SAML URL field.

Toggle “Required” to the “on” position.

1. Go to <a href="https://dashboard.envoy.com/employees/integrations" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO</a>.
2. Locate SAML and click “Configure”.
3. Enter your IdP HTTP SAML URL in the Identity Provider HTTP SAML URL field.
4. Toggle “Required” to the “on” position.

Note: Global admins will always be able to authenticate with a password regardless of if requiring SAML is on or off.

You can connect Envoy to any SSO provider with SAML 2.0. We’ve provided guides for a few common IdPs:

<a href="http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Envoy.html" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Okta</a>

<a href="https://onelogin.service-now.com/support?id=kb_article&amp;sys_id=12999903db109700d5505eea4b961959" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via OneLogin</a>

<a href="https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/envoy-tutorial#configure-azure-ad-single-sign-on" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Microsoft Azure Active Directory</a>

<a href="http://envoy.help/en/articles/4712320-sso-for-envoy-via-microsoft-active-directory">SSO for Envoy via Microsoft Active Directory</a>

<a href="https://support.google.com/a/answer/7652435?hl=en?hl=en#zippy=" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Google Workspace</a>

- <a href="http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Envoy.html" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Okta</a>
- <a href="https://onelogin.service-now.com/support?id=kb_article&amp;sys_id=12999903db109700d5505eea4b961959" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via OneLogin</a>
- <a href="https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/envoy-tutorial#configure-azure-ad-single-sign-on" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Microsoft Azure Active Directory</a>
- <a href="http://envoy.help/en/articles/4712320-sso-for-envoy-via-microsoft-active-directory">SSO for Envoy via Microsoft Active Directory</a>
- <a href="https://support.google.com/a/answer/7652435?hl=en?hl=en#zippy=" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Google Workspace</a>

Setting up SAML

Enabling SAML for Envoy

(Optional) Set SAML to required

Configuring SAML for common IdPs