Setting up SSO requires a few extra steps for both Peoplelogic and your IT team. If you'd like to implement SAML SSO, please get in touch with your Customer Success Manager.
In addition to supporting login with your Microsoft, Google or Slack accounts, customers may also have purchased a subscription that includes SAML SSO logins. With SAML SSO, you will be able to share one login across the rest of your enterprise systems - including Peoplelogic.
We are including setup instructions for OKTA and Entra ID below, but any SAML compliance identity provide will work just fine!
Customers will need to setup their IDP before the rest of the setup can continue. These details are the most important:
Property | Value |
Single Sign On URL | |
Audience Restriction | urn:amazon:cognito:sp:us-west-2_98pOB5Fhr |
Email SAML URI | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
By default, the IDP needs to send at least the email address in the SAML response. If you'd like to send additional information such as the given name or the job title, please let your CSM know.
Go to your OKTA Admin, Applications → Create a new app → SAML 2.0
Write App Name
3. Configure Sign in URL and audience
4. Configure attribute mapping (Email is required. Others are optional)
5. Complete setup and get the metadata URL
Be sure to assign users to the newly created application!
Once you've completed the setup within OKTA, just send your CSM either the IDP metadata URL or the Metadata file and we'll get things setup on our end!
To setup SSO using Microsoft Entra ID, the steps are very similar to setting up OKTA. First, you'll add an Amazon Cognito user pool as an application in Entra ID, then establish a trust relationship between them.
Log in to the Azure Portal.
In the search box, search for the service Microsoft Entra ID.
In the left sidebar, choose Enterprise applications.
Choose New application.
On the Browse Microsoft Entra Gallery page, choose Create your own application.
Under What’s the name of your app?, enter Peoplelogic and select Integrate any other application you don’t find in the gallery (Non-gallery), as shown in Figure 2. Choose Create.
It will take few seconds for the application to be created in Entra ID, and then you should be redirected to the Overview page for the newly added application
Note: Occasionally, this step can result in a Not Found error, even though Entra ID has successfully created a new application. If that happens, in Entra ID navigate back to Enterprise applications and search for your application by name.
On the Getting started page in Entra ID, in the Set up single sign on tile, choose Get started, as shown in Figure 3.
On the next screen, select SAML.
In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon.
In the right pane under Basic SAML Configuration, replace the default Identifier ID (Entity ID) with the identifier (entity ID) shown at the top of this document. Replace Reply URL (Assertion Consumer Service URL) with the reply URL at the top of this document.
Now go to Attributes & Claims be sure that you map the email claim to the URI specified at the top of this document.
Be sure to assign users to your new application before you finish!
Scroll down to the SAML Certificates section and copy the App Federation Metadata Url by choosing the copy into clipboard icon. You'll send this url to your Customer Success Manager.
Once SSO has been setup - you can either navigate to https://app.plai.team/sso-login and enter your workspace alias (case sensitive - usually lowercase) OR you can configure your IDP to have a link to login and use: https://app.plai.team/sso-login?workspace=<workspacealias>. Both will work. Enjoy!