Part 1 – Authentication

  1. Navigate to ‘Administration’ settings
  2. Select the ‘Authentication’ option located under ‘Global settings’ 

Blocked users

From ‘Authentication’ you can automatically unblock users when they successfully authenticate via Single Sign-On (SSO):

  1. Tick the ‘Re-activate blocked users if they successfully log in via SSO’ checkbox
  2. Select ‘Save’

Note: This is useful if some users need to leave for extended periods but will return at a later date

Disabling manual login

To disable manual login:

  1. Tick the ‘Disable manual login’ checkbox
  2. Select ‘Save’ 

Identity providers

From the ‘Authentication’ screen, you can see a list of the identity providers that are connected to your Invotra account for SSO.

To connect with a new identity provider (IdP) for SSO:

  1. Select ‘Add new identity provider’
  2. Enter a name for the identity provider, e.g. ‘Google’
  3. Select SAML in the dropdown
  4. Select ‘URL input’ or ‘File upload’, depending on your preferred method of connecting to your identity provider
  5. Enter your identity provider URL or upload your identity provider metadata, depending on the option you chose
  6. Tick ‘Single Sign-Out’ if you also want to log users out of the identity provider when they log out of Invotra
  7. Enter the SAML attributes that are relevant to your organisation
  8. SAML attributes lets you map fields from your identity provider to the fields in Invotra
  9. Email is mandatory but all other fields are optional
  10. The SAML attribute column is where you can include the name of the attribute to fit your identity provider, e.g. ‘FirstName’. 
  11. The ‘User attribute’ column then lets you select which Invotra field your SAML attribute is mapped to, so in Invotra it’s ‘ForeName’ and you’ve made it ‘FirstName’
  12. Select ‘Save’