Envoy

___________________________________________________________

To learn more about the benefits of using single sign-on, please read our <a href="https://envoy.help/en/articles/3450158-about-saml/" rel="nofollow noopener noreferrer" target="_blank">About SAML</a> article.

Go to <a href="https://dashboard.envoy.com/apps/directory-and-sso" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO.</a>

Scroll down to locate SAML and click “Install”.

Enter the fingerprint from your IdP in the Fingerprint field.

1. Go to <a href="https://dashboard.envoy.com/apps/directory-and-sso" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO.</a>
2. Go to Directory Settings
3. Scroll down to locate SAML and click “Install”.

4. Enter the fingerprint from your IdP in the Fingerprint field.

If you'd like to configure SAML as required, we recommend first setting up SAML as optional and testing with a small group of users. Once you're sure SAML is working properly for your users, switch it to required.

Go to <a href="https://dashboard.envoy.com/employees/integrations" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO</a>.

Locate SAML and click “Configure”.

Toggle “Required” to the “on” position.

1. Go to <a href="https://dashboard.envoy.com/employees/integrations" rel="nofollow noopener noreferrer" target="_blank">Apps &gt; Directory and SSO</a>.
2. Locate SAML and click “Configure”.
3. Toggle “Required” to the “on” position.

Global admins will always be able to authenticate with a password regardless of if requiring SAML is on or off.

You can connect Envoy to any SSO provider with SAML 2.0. We’ve provided guides for a few common IdPs:

<a href="http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Envoy.html" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Okta</a>

<a href="https://onelogin.service-now.com/support?id=kb_article&amp;sys_id=12999903db109700d5505eea4b961959" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via OneLogin</a>

<a href="https://envoy.help/en/articles/3453335-microsoft-azure-active-directory-integration#h_ea87c619a2" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Microsoft Entra Active Directory</a>

<a href="http://envoy.help/en/articles/4712320-sso-for-envoy-via-microsoft-active-directory">SSO for Envoy via Microsoft Active Directory</a>

<a href="https://support.google.com/a/answer/7652435?hl=en?hl=en#zippy=" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Google Workspace</a> **

- <a href="http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Envoy.html" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Okta</a>
- <a href="https://onelogin.service-now.com/support?id=kb_article&amp;sys_id=12999903db109700d5505eea4b961959" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via OneLogin</a>
- <a href="https://envoy.help/en/articles/3453335-microsoft-azure-active-directory-integration#h_ea87c619a2" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Microsoft Entra Active Directory</a>
- <a href="http://envoy.help/en/articles/4712320-sso-for-envoy-via-microsoft-active-directory">SSO for Envoy via Microsoft Active Directory</a>
- <a href="https://support.google.com/a/answer/7652435?hl=en?hl=en#zippy=" rel="nofollow noopener noreferrer" target="_blank">SSO for Envoy via Google Workspace</a> **

If you'd like to configure SAML with JumpCloud as your IdP, this is possible. You can use the token from <a href="https://envoy.help/en/articles/3453325-okta" rel="nofollow noopener noreferrer" target="_blank">Okta</a> or <a href="https://envoy.help/en/articles/3450140-active-directory-application" rel="nofollow noopener noreferrer" target="_blank">Active Directory</a>. You'll need to install Okta or AD on your account and then take the token that's generated and use that on the JumpCloud side.

** Important Note about Google Workspace When configuring SSO for Google Workspace, the Entity ID can reflect the same field as the ACS URL. If this does happen, you'll need to change the Entity ID field to: <a href="https://app.envoy.com/a/saml/metadata" rel="nofollow noopener noreferrer" target="_blank">https://app.envoy.com/a/saml/metadata</a>

This article outlines how to set up and configure SAML with Envoy.

Setting up SAML

About

Demos

Developers

Pricing

Learning Academy

Privacy Policy

Terms of Service

We're Hiring!

Webinars

Contact Support

Find answers and get help from Intercom Support and Community Experts

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Setting up SAML

Enabling SAML for Envoy

(Optional) Set SAML to required

Configuring SAML for common IdPs