We support SAML (Security Assertion Markup Language), which is an industry-standard way for identity providers like Okta and OneLogin to securely pass authorization credentials to Avocode. Enterprise administrators can rest easy knowing that their users' Avocode accounts are secured by the same identity provider that they already trust.

How to log into Avocode using Single Sign-On (SSO)?

  1. Make sure that your team has SSO enabled.

  2. Go to https://app.avocode.com, the desktop app, or your organization’s personal Avocode login link.

  3. Click the "Login via SSO" link at the bottom right corner of the login page.

  4. Enter your email address and click "Continue".

  5. This will take you to your identity provider for login.

  6. You are now logged into your Avocode account.

How to set up Single Sign-On (SSO) for your team?

Many identity providers support the SAML standard and we've provided setup instructions for the most common ones. However, if you use a different identity provider and need help setting things up, please contact our support team.

Okta

1. Navigate to your Okta admin dashboard and switch to the Classic UI if you aren't there already.

2. Click Applications, click Add Application and then click Create New App.

3. Ensure that platform is Web and SAML 2.0 is selected.

4. Name the app Avocode.

5. You can upload this icon for the app: https://avocode.s3.amazonaws.com/logo.png

6. Click Next.

7. Fill in the following values with placeholder text (we will change them later):

8. Click Next.

9. Click "I'm an Okta customer..." and then click Finish.

10. In the settings page, there is a yellow section that says, "SAML 2.0 is not configured..." Click View Setup Instructions.

11. Go to the bottom of the page to the section labelled "Provide the following IDP metadata to your SP provider". Copy and paste that block.

12. Log into the Avocode app as the team owner and go to Team Settings and then click the SSO tab.

13. Fill in the form in Avocode:

  • Choose a unique Organization Name

  • Paste the contents of the SAML Metadata file that you copied in Step 11.

  • Leave Entity ID blank unless you know that you need it.

14. Click Save Changes. A list of variables should show up.

15. Back in Okta, click the General tab, scroll down to the SAML Settings section and click Edit in the top right corner.

16. Click Next.

17. Fill in the following values (referencing the variables from Avocode):

  • SP ACS URL → Single sign on URL

  • SP Audience URL → Audience URI (SP Entity ID)

18. Under Attribute Statements (Optional), enter the following values:

  • User.FirstName → user.firstName

  • User.LastName → user.lastName

19. Click Next and then Finish.


OneLogin

1. Navigate to your OneLogin admin dashboard and click Applications and then Add App.

2. In the search box, type "saml test" and press Enter.

3. Click SAML Test Connector (IdP w/ attr w/ sign response).

4. Name the app "Avocode".

5. You can upload this icon for the app: https://avocode.s3.amazonaws.com/logo.png

6. Click Save at the top right side of the screen.

7. Click the SSO tab. Hover over the More Actions menu and click SAML Metadata.

8. Log into the Avocode app as the team owner and go to Team Settings and then click the SSO tab.

9. Fill in the form in Avocode:

  • Choose a unique Organization Name

  • Paste the contents of the SAML Metadata file that you downloaded in Step 7 into IdP Metadata.

  • Leave Entity ID blank unless you know that you need it.

10. You should see a list of variables. Fill these variables into the OneLogin app configuration:

  • SP Audience URL → Audience

  • SP ACS URL → ACS (Consumer) URL

  • SP ACS URL → Recipient

12. Enter the string "^https:\/\/.*" in the ACS (Consumer) URL Validator.

13. Click Save at the top right side of the screen.

Microsoft

1 In Azure AD go into Enterprise applications->New application and search there for the application named “Azure AD SAML Toolkit” and choose that one.

2. In a new application go into “Single sign-on” and in “Select a single sign-on method” select “SAML”.

3. Download “Federation Metadata XML” from that page.

4. Setup SSO in the Avocode app and into “IdP Metadata” field copy whole content of Federation Metadata XML downloaded in the previous step.

Keep this page opened you’ll need values from that in the next step.

5. Go back to Azure AD and on the same page as you downloaded metadata XM

click on Edit “Basic SAML Configuration”.

6. Into “Identifier (Entity ID)” copy value of “SP Audience URL”.

7. Into “Reply URL (Assertion Consumer Service URL)” copy value of “SP ACS URL”

8. Into “Sign on URL” copy “https://avocode.com/login?sso=true”.

Don’t forget to click “Save” at the top.

9. Almost done! Once you've completed the steps above, let us know and we'll finish it up from our end.

Did this answer your question?