SAML enables you to log in to multiple software platforms from one central location, meaning you don’t have to remember multiple usernames and passwords. SAML will authenticate your accounts and enable your systems to communicate and to authenticate users from one to the other.

It’s also a powerful onboarding tool: accounts can be set up automatically with auto user provisioning. Users can be mapped to Octiv just by logging in using their Identity Provider’s credentials, instead of having to set up hundreds of user accounts within Octiv.

CONNECTING FROM OCTIV

Follow these steps to connect SAML to your Octiv account:

  1. Click on your User drop-down -> Administration
  2. Click Integrations
  3. Choose SAML from the Integrations menu.
  4. Click the checkbox next to Enable SAML.
  5. Fill out the following fields according to your Identity Provider’s (IdP) documentation:
    • Provider Name – This field is for your reference, so name it something familiar to you and any other Account Admins
    • IDP SSO Target URL
    • IDP Certificate Fingerprint – You can optionally upload a certificate provided by your IdP
  6. The remaining fields are optional and vary depending on individual IdPs. Please refer to your particular IdP’s documentation.
  7. Click Save Changes

Note: Alternatively, you can utilize the Metadata URL field to have Octiv automatically pull the required information directly from your IdP. This URL would be provided by your IdP. The metadata file will contain all required information about your particular IdP’s configuration.

Authentication: Octiv will utilize the Subject NameID field within the SAML assertion to authenticate with the specific Octiv user. Octiv will match on an email address or username, but an email address is preferred. Please ensure you are passing NameID in the Subject or you will get the following error message: “No associated Octiv account was found. Please contact your account administrator.”

CONNECTING FROM YOUR IdP

The SAML Configuration Information at the bottom of the SAML Integration page should contain the URLs that your IdP will require when setting up the integration.

Optional Settings

Automatically Initiate SP Login – when this setting is enabled, users navigating to https://[accountname].octiv.com (or your custom domain) are automatically redirected to your IdP login screen. If your users will only ever log into Octiv through your IdP, you should likely enable this option.

Auto-Provision users – when this option is enabled, Octiv automatically creates a user within your Octiv account for any user that tries to log in and does not already match a current Octiv user. Octiv will make its best guess from the SAML Attributes provided and map them to the proper User fields within Octiv. However, if you want to specify the actual fields to use, you can utilize the Attribute Mapping fields directly below the Auto-Provision Users setting.
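
A way to check, before go-live, that your IdP sends what the Authentication note and the Attribute Mapping fields above depend on (an added example, not Octiv code): it decodes a SAMLResponse captured from a test login and reports the Subject NameID and the attribute names. It assumes the HTTP-POST binding (a base64-encoded form field); the function names and sample values are constructed, and it performs no signature validation.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample response (unsigned, illustrative values only).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inspect_saml_response(saml_response_b64):
    """Summarise NameID and attributes; diagnostic only, no signature check."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations do not belong in a SAML message")
    root = ET.fromstring(xml_bytes)
    # Direct child of Subject only, so a NameID elsewhere is not picked up.
    node = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = (node.text or "").strip() if node is not None else ""
    attributes = {
        attr.get("Name"): [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        for attr in root.iterfind(".//saml:Attribute", NS)
    }
    return {
        "name_id": name_id or None,  # None reproduces the "No associated Octiv account" case
        "name_id_format": node.get("Format") if node is not None else None,
        "looks_like_email": bool(EMAIL_RE.match(name_id)),
        "encrypted_assertion": root.find(".//saml:EncryptedAssertion", NS) is not None,
        "attributes": attributes,  # names to enter in the Attribute Mapping fields
    }


def encode(xml_text):
    """Base64-encode XML the way the HTTP-POST binding carries it (assumption)."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
```

If `encrypted_assertion` is true, the NameID cannot be read this way; inspect the response on the IdP side instead.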

SAML Features

Using this integration through Octiv and Salesforce (for example) makes Salesforce the Identity Provider (IdP). After you enable this integration, you see a separate link asking you to sign on using Salesforce. Entering your credentials confirms you as the user and redirects you to Octiv.

After sign-in, you’re authenticated by SAML across all service providers involved.

Using SAML can also auto-provision users in Octiv, meaning that all accounts are managed via the identity provider. Use the auto-provision toggle to set this feature.

Because your email address is your user identification, you need to make sure you’re using the same one in all the systems you connect.

You can use any SAML 2.0 identity provider, including Salesforce, Microsoft ADFS, Okta, and Onelogin.

Google OAuth2

Octiv supports the Google OAuth 2.0 protocol for authentication and authorization. See Google’s documentation on this here.
