Setting up SSO requires a few extra steps for both Peoplelogic and your IT team. If you'd like to implement SAML SSO, please get in touch with your Customer Success Manager.

In addition to supporting login with your Microsoft, Google or Slack accounts, customers may also have purchased a subscription that includes SAML SSO logins. With SAML SSO, you will be able to share one login across the rest of your enterprise systems - including Peoplelogic.

We are including setup instructions for OKTA and Entra ID below, but any SAML-compliant identity provider will work just fine!

Basic Configuration Details

Customers will need to set up their IDP before the rest of the setup can continue. These details are the most important:

| Property | Value |
|---|---|
| Single Sign On URL | https://sso.plai.team/saml2/idpresponse |
| Audience Restriction | urn:amazon:cognito:sp:us-west-2_98pOB5Fhr |
| Email SAML URI | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |

By default, the IDP needs to send at least the email address in the SAML response. If you'd like to send additional information such as the given name or the job title, please let your CSM know.
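
Before sending the metadata to your CSM, you can confirm that a test SAML response from your IDP (base64-decoded, for example from a browser SAML tracer) carries the three values above. This is an added example, not Peoplelogic's code: the function names and the sample response are constructed for illustration, and it checks configuration only, not the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the configuration table on this page.
ACS_URL = "https://sso.plai.team/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:us-west-2_98pOB5Fhr"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_saml_response(xml_text):
    """List configuration problems in a decoded SAML response.
    Checks IDP settings only; it does NOT verify the XML signature."""
    if "<!DOCTYPE" in xml_text:  # a SAML message never needs a DTD
        return ["DOCTYPE present, refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    recipients = {e.get("Recipient")
                  for e in root.iterfind(".//a:SubjectConfirmationData", NS)}
    if ACS_URL not in recipients:
        problems.append("Recipient does not match the Single Sign On URL")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)}
    if AUDIENCE not in audiences:
        problems.append("Audience Restriction value is missing or wrong")
    emails = [(v.text or "").strip()
              for attr in root.iterfind(".//a:Attribute", NS)
              if attr.get("Name") == EMAIL_CLAIM
              for v in attr.iterfind("a:AttributeValue", NS)]
    if not any(emails):
        problems.append("email attribute is not sent under the Email SAML URI")
    return problems

def sample_response(audience=AUDIENCE, claim=EMAIL_CLAIM):
    """Constructed, unsigned response for illustration (not real IDP output)."""
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}">
 <a:Assertion><a:Subject><a:SubjectConfirmation>
   <a:SubjectConfirmationData Recipient="{ACS_URL}"/>
  </a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>{audience}</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="{claim}">
   <a:AttributeValue>user@example.com</a:AttributeValue>
  </a:Attribute></a:AttributeStatement>
 </a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_saml_response(sample_response()) or "configuration looks correct")
    print(check_saml_response(sample_response(claim="email")))
```

An empty list means the response matches the table; a common failure is the email attribute being sent under a short name such as `email` instead of the full claim URI.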

OKTA Setup

  1. Go to your OKTA Admin, Applications → Create a new app → SAML 2.0

  2. Enter the App Name

  3. Configure the Sign in URL and audience

  4. Configure attribute mapping (Email is required. Others are optional)

  5. Complete setup and get the metadata URL

  6. Be sure to assign users to the newly created application!

Once you've completed the setup within OKTA, just send your CSM either the IDP metadata URL or the metadata file and we'll get things set up on our end!

Microsoft Entra ID (formerly Azure Active Directory)

To set up SSO using Microsoft Entra ID, the steps are very similar to setting up OKTA. First, you'll add an Amazon Cognito user pool as an application in Entra ID, then establish a trust relationship between them.

To add a new application in Entra ID

  1. Log in to the Azure Portal.

  2. In the search box, search for the service Microsoft Entra ID.

  3. In the left sidebar, choose Enterprise applications.

  4. Choose New application.

  5. On the Browse Microsoft Entra Gallery page, choose Create your own application.

  6. Under What’s the name of your app?, enter Peoplelogic and select Integrate any other application you don’t find in the gallery (Non-gallery), as shown in Figure 2. Choose Create.

     Figure 2: Add an enterprise app in Entra ID

  7. It will take a few seconds for the application to be created in Entra ID, and then you should be redirected to the Overview page for the newly added application.

Note: Occasionally, this step can result in a Not Found error, even though Entra ID has successfully created a new application. If that happens, in Entra ID navigate back to Enterprise applications and search for your application by name.

To set up Single Sign-on using SAML

  1. On the Getting started page in Entra ID, in the Set up single sign on tile, choose Get started, as shown in Figure 3.

     Figure 3: Choose Set up single sign-on in Getting Started

  2. On the next screen, select SAML.

  3. In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon.

  4. In the right pane under Basic SAML Configuration, replace the default Identifier (Entity ID) with the identifier (entity ID) shown at the top of this document (the Audience Restriction value). Replace Reply URL (Assertion Consumer Service URL) with the reply URL at the top of this document (the Single Sign On URL).

     Figure 4: Add the identifier (entity ID) and reply URL

  5. Now go to Attributes & Claims and be sure that you map the email claim to the URI specified at the top of this document.

     Figure 5: Entra ID Attributes & Claims

  6. Be sure to assign users to your new application before you finish!

  7. Scroll down to the SAML Certificates section and copy the App Federation Metadata Url by choosing the copy into clipboard icon. You'll send this URL to your Customer Success Manager.

     Figure 6: Copy SAML metadata URL from Entra ID

Logging in with SSO

Once SSO has been set up, you can either navigate to https://app.plai.team/sso-login and enter your workspace alias (case sensitive, usually lowercase) OR you can configure your IDP to have a link to log in and use: https://app.plai.team/sso-login?workspace=<workspacealias>. Both will work. Enjoy!