Introduction

For organisations that require Single sign-on (SSO), EvaluAgent can be configured to work with your SAML-compatible directory such as Azure AD. Once your SAML provider has been configured you will have full control over which users must authenticate using SSO and which may continue to use a password-based login.

Please note that SSO is available on the Scale Plan.

Getting Started

Go to Security Settings and click the Single-Sign-On tab

From here you can add the configuration for your SAML Identity Provider and set the default authentication method for your organisation.

Click the ‘Add SSO SAML2 provider’ button and enter a descriptive name for this provider in the modal that opens up. This name is just used as a label within our system to refer to this SSO provider, so can be anything you like e.g. Azure AD.

You should now see your new provider in the list. Clicking the ‘View’ button alongside this will present the configuration settings that you will need to enter in to your system in order to allow EvaluAgent to authenticate users against your directory. It is likely that your IT support within your organisation will need to carry out this configuration, and they should understand the necessary steps. They will also need to configure their SAML provider to provide an ‘email’ attribute that we can use to identify each user. In Azure AD this is done by editing User Attributes & Claims and adding a new claim named ‘email’ that maps to the email field in your directory.

Once your directory is configured you will need to add its Identity Provider settings into EvaluAgent. Click the ‘Edit’ button alongside the provider that you added earlier, and you should see the following form.

This form must be populated with the settings that originate from your Identity Provider. Once this is done you can press ‘Update provider’ and your SSO provider should be ready to use.

Test signing in

Before switching all users in your organisation to your newly configured SSO provider we recommend testing that all of the necessary configuration has been carried out correctly by assigning the SSO authentication method to a single user.

Click the ‘User Management’ tab towards the top of the screen and then click ‘Users’. Find a user that you would like to use for testing, and then click Edit. Change this user’s ‘Authentication method’ to the new SSO provider then click ‘Update user’. Note that only SSO providers that have been fully configured will appear in this list, so if you do not see your new provider then please go back and check that all settings have been entered correctly. This user should now be able to sign in to Evaluate using your SSO sign-in flow.

Use SSO as the default method of authentication

Once you’re happy that SSO has been configured correctly you can now set it to be used as the default authentication method for your organisation. Navigate back to the Single sign-on tab on the Security settings page and change the ‘Default authentication method’ to your new SSO provider. This will then be used for new users that are created in the system, and you will be prompted whether existing users should be assigned this authentication method too.

It is recommended to do this if you would like most of your users to log in with SSO. The authentication method for individual users can be configured on the Users page as described earlier in the ‘Test signing in’ instructions section.

Did this answer your question?