To learn more about the benefits of using single sign-on, please read our About SAML article.
Enabling SAML for Envoy
Select "Directory Settings" if you have not previously installed a directory app.
Locate SAML and click “Install”.
Enter the fingerprint from your IdP in the Fingerprint field.
(Optional) Set SAML to required
Tip: If you'd like to configure SAML as required, we recommend first setting up SAML as optional and testing with a small group of users. Once you're sure SAML is working properly for your users, switch it to required.
Go to Apps > Directory and SSO.
Locate SAML and click “Configure”.
Enter your IdP HTTP SAML URL in the Identity Provider HTTP SAML URL field.
Toggle “Required” to the “on” position.
Note: Global admins will always be able to authenticate with a password regardless of if requiring SAML is on or off.
Configuring SAML for common IdPs
You can connect Envoy to any SSO provider with SAML 2.0. We’ve provided guides for a few common IdPs: