Single Sign-On
IO River supports any identity provider that supports the Security Assertion Markup Language (SAML) protocol. You can use your identity provider to sign in to your IO River account.
Configuring SSO
To set up SSO for your account:
- Navigate to the Account page.
- In the sidebar, select Single Sign-On.
- Copy the provided fields and add them to your identity provider.
- Once completed, upload the metadata XML file generated by your identity provider.
- Click on Enable SSO.
Force SSO
You can enforce SSO login for your account by enabling Force SSO. Once this is activated, users in your account will no longer be able to log in using a username and password.
Important Note:
- Make sure to test your SSO access before enabling Force SSO, in case SSO is incorrectly configured, you will be locked out from your account without the ability to login with username and password.
Configuring SSO in Okta
In case you are using Okta as your identity provider, you can follow these steps as part of step #4 above:
- Log in as an admin to your Okta account.
- In the sidebar, select Applications.
- Click on the Create App Integration button.
- Select SAML 2.0 and click Next.
- Fill in the App name and click Next.
- In the Single sign-on URL field, paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
- In the Audience URI field, paste the value copied from the Audience URI field in the IO River SSO page.
- Under Name ID format, select EmailAddress.
- Under Application username, select Email.
- Click Next and then Finish.
- Once the app is created, access the Metadata URL and save the presented XML file.
- Upload this file to your IO River account as described in step #5 above.
- You can now assign users to this app.
Configuring SSO in Azure Active Directory
If you are using Azure AD as your identity provider, follow these steps as part of step #4 above:
- Log in as an admin to your Azure account.
- Navigate to Azure Active Directory and select Enterprise applications.
- Click on New application, then select Create your own application.
- Enter the application name and select Integrate any other application you don’t find in the gallery (Non-gallery).
- In the newly created application, go to Single sign-on.
- Select SAML as the SSO method.
- Fill in the Basic SAML Configuration:
- Identifier (Entity ID): Paste the value copied from the Audience URI field in the IO River SSO page.
- Reply URL (Assertion Consumer Service URL): Paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
- Under User Attributes & Claims, ensure the following settings are configured:
- Name ID format: Email address
- User Identifier:
user.mail
- Under SAML Signing Certificate, download the Federation Metadata XML.
- Upload this file to your IO River account as described in step #5 above.
- You can now assign users to this application.