- Navigate to ‘Administration’ settings
- Select the ‘Authentication’ option located under ‘Global settings’
Blocked users
From ‘Authentication’ you can automatically unblock users when they successfully authenticate via Single Sign-On (SSO):
- Tick the ‘Re-activate blocked users if they successfully log in via SSO’ checkbox
- Select ‘Save’
Note: This is useful if some users need to leave for extended periods but will return at a later date
Disabling manual login
To disable manual login:
- Tick the ‘Disable manual login’ checkbox
- Select ‘Save’
Identity providers
From the ‘Authentication’ screen, you can see a list of the identity providers that are connected to your Invotra account for SSO.
To connect with a new identity provider (IdP) for SSO:
- Select ‘Add new identity provider’
- Enter a name for the identity provider, e.g. ‘Google’
- Select SAML in the dropdown
- Select ‘URL input’ or ‘File upload’, depending on your preferred method of connecting to your identity provider
- Enter your identity provider URL or upload your identity provider metadata, depending on the option you chose
- Tick ‘Single Sign-Out’ if you also want to log users out of the identity provider when they log out of Invotra
- Enter the SAML attributes that are relevant to your organisation
- SAML attributes lets you map fields from your identity provider to the fields in Invotra
- Email is mandatory but all other fields are optional
- The SAML attribute column is where you can include the name of the attribute to fit your identity provider, e.g. ‘FirstName’.
- The ‘User attribute’ column then lets you select which Invotra field your SAML attribute is mapped to, so in Invotra it’s ‘ForeName’ and you’ve made it ‘FirstName’
- Select ‘Save’