This article will walk you through how to set up SSO for Intricately using the SAML 2.0 protocol.
Federated SSO must be enabled for your company's Enterprise plan. Contact us via email or chat to get this set up.
You must have an active subscription with an Identity Provider (IdP), such as Okta.
Intricately SSO currently supports the following features:
Service Provider (Intricately) initiated SSO - authentication initiated on the Intricately login page
Identify Provider initiated SSO - authentication initiated on your IdP Org
Step 1 - Select Your SSO Protocol
Log into your Intricately Account. Note that you must be a Team Admin or Team Owner to be able to configure SSO.
Navigate to the user icon on the top right and select Settings from the menu.
Click on the Single Sign-on tab.
Select your desired protocol: SAML 2.0.
Once you've selected a protocol, the SSO Configuration form will update to walk you through the relevant steps.
Step 2 - Get Your Single Sign-On URL and Audience URI
First, copy and save the Intricately information you'll need to provide to your Identity Provider (IdP).
In the SSO Configuration form, copy and save the Single Sign-On URL:
Copy and save the Audience URI:
You'll need these in the next step.
Step 3 - Configure Settings in Your IdP
Log in to your Identity Provider (IdP).
Enter the Single Sign-On URL and the Audience URI you copied from the previous step. The exact appearance of the input form may vary based on your IdP.
Configure your desired SAML 2.0 SSO behavior based on your IdP's process.
Step 4 - Get Your IdP XML Metadata
Still within your IdP, generate the "SAML 2.0 IdP Metadata XML." The exact values will vary based on your settings, but the XML should look similar to this:
Now, log back in to Intricately and open the SSO Configuration page. Paste the Metadata XML text into the configuration form.
Click SAVE CONFIGURATION. This will save the values you input, without activating required SSO authentication yet.
Step 5 - Manage User Permissions
In your IdP, make sure you provision access to the users you want to allow to authenticate to Intricately. The exact steps may vary based on your provider.
It's important to provision access before you activate SSO, to ensure that your team will be able to log in once SSO is active and required.
Step 6 - Activate SSO
Ensure that you've completed all the setup steps above, including provisioning access to users.
Once you're ready to activate SSO, click the SSO Authentication toggle:
Once you activate SSO:
- All users on the team will automatically be logged out of Intricately
- Authentication via social login (Google, Salesforce, LinkedIn) will be disabled for your team
- All users will be required to login to Intricately via SSO
Confirm that you'd like to activate SSO.
Step 7 - Validate SSO
Test your configuration via the Intricately login process.
Ensure you are logged out. Then return to the Intricately web application.
Select SSO from the login options.
Enter your work email and hit Submit.
- The web page will redirect to your IdP Org login page, if you don’t have an active IdP session in your browser. You can enter your IdP credentials and you will be redirected and signed in to Intricately Application.
- If you have an active IdP session in your browser, then you will be seamlessly logged in to Intricately Application.
Test your configuration through your IdP console:
Login to your IdP and go to the list of available applications.
Click on Intricately app to automatically login to Intricately Application.
You've now successfully set up SSO for Intricately!