For organisations that require single sign-on (SSO), EvaluAgent can be configured to work with your SAML2-compatible directory, such as:
- Azure AD
Once your SAML provider has been configured you will have full control over which users must authenticate using SSO and which may continue to use a password-based login.
To begin setting up SSO for your Organisation, open up the Settings menu and click on the Security Settings option.
From the Security Settings screen, click on the Single Sign-on tab. You can choose a Default Authentication Method. The options are:
- Password Logon - allow users to log on with a password and don't enforce SSO.
- SSO Providers - Any SSO Identity Providers you add will appear in this list. You can choose one of these to act as the default.
Create a new Identity Provider
You will see an option to "Add SSO SAML2 Provider". Click this button and enter a name for your Identity Provider, e.g. OneLogin, Azure AD, OKTA, etc. Once you've done that, press the "Create Provider" option and it will now appear in the table.
To set up SSO in your Identity Provider (IDP), you will need to access the Configuration Settings in EvaluAgent. Clicking the View button alongside your newly created Identity Provider presents the configuration settings that you will need to enter into your IDP in order to allow EvaluAgent to authenticate users against your directory.
It is likely that IT support within your organisation will need to carry out this configuration, and they should understand the necessary steps. They will also need to configure their SAML provider to provide an ‘email’ attribute that we can use to identify each user. In Azure AD this is done by editing User Attributes & Claims and adding a new claim named ‘email’ that maps to the email field in your directory.
Once your directory is configured you will need to add its Identity Provider settings into EvaluAgent. Click the ‘Edit’ button alongside the provider that you added earlier, and you should see the following form.
This form must be populated with the settings that originate from your Identity Provider. Once this is done you can press ‘Update provider’ and your SSO provider should be ready to use.
Test signing in
Before switching all users in your organisation to your newly configured SSO provider, we recommend testing that all of the necessary configuration has been carried out correctly by assigning the SSO authentication method to a single user.
Click the ‘User Management’ tab towards the top of the screen and then click ‘Users’. Find a user that you would like to use for testing, and then click Edit. Change this user’s ‘Authentication method’ to the new SSO provider then click ‘Update user’. Note that only SSO providers that have been fully configured will appear in this list, so if you do not see your new provider then please go back and check that all settings have been entered correctly. This user should now be able to sign in to Evaluate using your SSO sign-in flow.
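To confirm that the ‘email’ attribute described earlier is actually being sent for the test user, the SAMLResponse form field can be copied from the browser's developer tools during the test sign-in and inspected; the Python check below is an added example, not EvaluAgent's code. It assumes the HTTP-POST binding, an unencrypted assertion and an exact match on the attribute name, runs on constructed sample responses, and does not validate signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = "email"  # attribute name the article asks the IdP to send


def read_attributes(saml_response_b64):
    """Decode a base64 SAMLResponse (HTTP-POST binding) into {name: [values]}."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML response; refusing to parse")
    attributes = {}
    for attr in ET.fromstring(xml_bytes).iter(NS + "Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(NS + "AttributeValue")]
        attributes.setdefault(attr.get("Name", ""), []).extend(values)
    return attributes


def check_email_attribute(saml_response_b64):
    """Return (ok, message): is a non-empty attribute named exactly 'email' present?"""
    attributes = read_attributes(saml_response_b64)
    values = [v for v in attributes.get(REQUIRED, []) if v]
    if values:
        return True, "email attribute present: " + values[0]
    # Near miss: an address is sent, but under a different attribute name.
    near = sorted(n for n, vals in attributes.items() if any("@" in v for v in vals))
    if near:
        return False, "no 'email' attribute; address sent as: " + ", ".join(near)
    return False, "no 'email' attribute and no attribute carrying an address"


def build_sample_response(attribute_name):
    """Constructed, unsigned sample for this example; not a real IdP response."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:AttributeStatement><saml:Attribute Name="%s">'
        '<saml:AttributeValue>test.user@example.com</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    ) % attribute_name
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for name in ("email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"):
        print(check_email_attribute(build_sample_response(name)))
```

A result of `False` that names another attribute means the directory is sending the address under a different claim name, so the claim should be renamed to ‘email’ in the IDP.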
Use SSO as the default method of authentication
Once you’re happy that SSO has been configured correctly, you can set it as the default authentication method for your organisation. Navigate back to the Single sign-on tab on the Security settings page and change the ‘Default authentication method’ to your new SSO provider. This will then be used for new users that are created in the system, and you will be asked whether existing users should be assigned this authentication method too.
It is recommended to do this if you would like most of your users to log in with SSO. The authentication method for individual users can be configured on the Users page as described earlier in the ‘Test signing in’ instructions section.