Single Sign-On
IO River supports any identity provider that supports the Security Assertion Markup Language (SAML) protocol. You can use your identity provider to sign in to your IO River account.
Configuring SSO
To set up SSO for your account:
- Navigate to the Account page.
- On the sidebar, choose Single Sign-On.
- Copy the provided fields and add them to your identity provider.
- Once completed, upload the metadata XML file generated by your identity provider.
- Click on Enable SSO.
Force SSO
You can enforce SSO login for your account by enabling Force SSO. Once this is activated, users in your account will no longer be able to log in using a username and password.
Configuring SSO in Okta
In case you are using Okta as your identity provider, you can follow these steps as part of step #4 above:
- Log in as an admin to your Okta account.
- On the sidebar, select Applications.
- Click on the Create App Integration button.
- Select SAML 2.0 and click Next.
- Fill in the App name and click Next.
- In the Single sign-on URL field, paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
- In the Audience URI field, paste the value copied from the Audience URI field in the IO River SSO page.
- Under Name ID format, select EmailAddress.
- Under Application username, select Email.
- Click Next and then Finish.
- Once the app is created, access the Metadata URL and save the presented XML file.
- Upload this file to your IO River account as described in step #5 above.
- You can now assign users to this app.