=> add(store = "_OpaqueIdStore", types = (" query = "", param = "useEntropy", param = c1.Value, param = c1.OriginalIssuer, param = "", param = c2.Value) Step 2: Add Additional Rules - Transform an Incoming Claim Step 1: Add A Additional Rule - Send Claims Using a Custom Rule If you are implementing SSO via ADFS there are a few more steps involved to get the NameID to send appropriately.Īs mentioned above, please make sure you're sending over the outgoing claim types as mail, givenName and sn. This provides an account with a login fail-safe for the original Global Admin, in case there is ever an issue with SSO authentication. Important Note #3: If you are the original Global Admin on an account you will not be able to give yourself SSO authentication permissions. If you ever disable SSO via the Integration Admin or by downgrading your plan level to Pro or Starter, read this FAQ to learn how to gain access via the traditional login method. Important Note #2: Once you give a user Authenticate through SSO permissions, they will no longer be able to login via the DivvyHQ Login Page. ![]() You might want to alert them that they have been added to your DivvyHQ account and show them how to get to DivvyHQ via your SSO portal. Important Note #1: When you add a new team member with SSO authenticated, the team member will not receive a DivvyHQ invitation email. Fill out the required fields (First name, Last Name, Email address) and check the Authenticate through SSO box. This will bring up the Add Team Member overlay. Follow the steps below.ġ. Click the + ADD NEW option in the upper righthand of the platform, then click TEAM MEMBER within the dropdown.Ģ. When adding new team members, you can give them the ability to authenticate through SSO. Step 2b: Adding a New Team Member With SSO Permissions Check the Authenticate through SSO box and then click the green Apply Changes button. This will bring up the Edit Team Member overlay. Venture back to the Account Admin interface and select the Team Members tab.Ģ. Hover over the team member's name that needs to Authenticate through SSO, then click the blue View/Edit User link.ģ. Step 2a: Giving an Existing Team Member SSO Authenticate PermissionsĪfter you've enabled SSO via the Integration Admin, you need to specify which existing users will be utilizing SSO to log in to DivvyHQ.ġ. After you've filled in all required fields, click Save Settings in the upper righthand. Provide our DivvyHQ Metadata URL and DivvyHQ Assertion Consumption Service URL, as well as the following attribute mappings, to your IT department.Īttribute name Value mail Email address of the user givenName Users first name sn Users last nameĭivvyHQ Assertion Consumption Service URLĩ. This value would come from your SSO provider.Ĩ. Input your X.509 Certificate into the provided field. ![]() This URL or file would come from your SSO provider.Ħ. Input your XML metadata URL or upload your metadata file into the provided field. After clicking the checkbox you will be presented with a few required fields that need to be filled in to start the authentication process.ĥ. Click the checkbox Enable Single Sign On.Ĥ. From the Account Admin, click the Integrations tab, then the Single Sign On tab.ģ. As a Global Admin, click your name in the upper right hand of the platform and select the Account Admin option from the dropdown.Ģ. If you are using Azure for SSO, please refer to this article. ![]() If you are using Okta for your SSO needs, please refer to this article. ![]() The Divvy Detailsīelow is a step-by-step walkthrough on how to enable SSO on an account and give team members SSO authentication permissions. For those using ADFS, please note the additional steps under the section below, entitled Utilizing SSO Via ADFS. Once SSO has been enabled on an account, and users have been authenticated, they can bypass DivvyHQ's login page altogether. Then, you'll be redirected to, where you can begin the login process again in the upper right corner by selecting "Log In".Our Single Sign-On (SSO) utility gives Enterprise users the ability to log in to DivvyHQ through their company's SSO portal. If you are being redirected or "looped", you might try clearing your browser cache and attempting to login again using the email link method.Īlternatively, if you may have signed in using a different account or email address, try going to /profile and selecting "Logout". You can also review this video for a login tutorial. If you have a Google-hosted inbox (Gmail), you can login using your google email address by selecting "Login with Google" from the Log in screen. You will then receive an email containing a login link that you can click on and follow back to your Divvy Agent Portal. You can login by entering the email address you used to sign up with Divvy. To access your Agent Portal, go to /accounts/login and select "Log In" in the upper right corner.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |