Skip to main content

Single Sign-On

IO River supports any identity provider that supports the Security Assertion Markup Language (SAML) protocol. You can use your identity provider to sign in to your IO River account.

Configuring SSO

To set up SSO for your account:

  1. Navigate to the Account page.
  2. In the sidebar, select Single Sign-On.
  3. Copy the provided fields and add them to your identity provider.
  4. Configure your identity provider - once completed, upload the metadata XML file generated by your identity provider.
  5. Click on Enable SSO.

Force SSO

You can enforce SSO login for your account by enabling Force SSO. Once this is activated, users in your account will no longer be able to log in using a username and password.

Important Note:

  • Make sure to test your SSO access before enabling Force SSO, in case SSO is incorrectly configured, you will be locked out from your account without the ability to login with username and password.

Configuring SSO in Okta

In case you are using Okta as your identity provider, you can follow these steps as part of step #4 above:

  1. Log in as an admin to your Okta account.
  2. In the sidebar, select Applications.
  3. Click on the Create App Integration button.
  4. Select SAML 2.0 and click Next.
  5. Fill in the App name and click Next.
  6. In the Single sign-on URL field, paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
  7. In the Audience URI field, paste the value copied from the Audience URI field in the IO River SSO page.
  8. Under Name ID format, select EmailAddress.
  9. Under Application username, select Email.
  10. Click Next and then Finish.
  11. Once the app is created, access the Metadata URL and save the presented XML file.
  12. Upload this file to your IO River account as described in step #4 above.
  13. You can now assign users to this app.

Configuring SSO in Microsoft Entra ID

If you are using Microsfot Entra ID (previously known as Azure Active dicretory) as your identity provider, follow these steps as part of step #4 above:

  1. Log in as an admin to your Azure account.
  2. Navigate to Microsoft Entra ID and select Enterprise applications.
  3. Click on New application, then click on Create your own application.
  4. Enter the application name (e.g. IO River) and select Integrate any other application you don’t find in the gallery (Non-gallery).
  5. In the newly created application, go to Manage and select Single sign-on.
  6. Select SAML as the SSO method.
  7. Fill in the Basic SAML Configuration:
    • Identifier (Entity ID): Paste the value copied from the Audience URI field in the IO River SSO page.
    • Reply URL (Assertion Consumer Service URL): Paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
    • Click on Save
  8. Under Attributes & Claims, check the Required claim and ensure the following settings are configured:
    • Name identifier format: Email address
    • Source attribute: user.mail
  9. Under SAML Certificate, download the Federation Metadata XML.
  10. Upload this file to your IO River account as described in step #4 above.
  11. You can now assign users to this application:
    • Under the application Properties, make sure the application is visible to users.
    • Under the application Users and groups, assign users or groups the application.
    • Users can now login from https://myapps.microsoft.com/ (It might take a couple of minutes for the new application to appear).

Configuring SSO in OneLogin

If you are using OneLogin as your identity provider, follow these steps as part of step #4 above:

  1. Log in as an admin to your OneLogin account.
  2. In the top bar, select Applications and click the Add App button.
  3. In the search box, type SAML Custom Connector (Advanced) and select the relevant application.
  4. In the display name field, enter IO River and click Save.
  5. In the sidebar, select Configuration and fill in the following details:
    • Audience (Entity ID) — Paste the value copied from the Audience URI field on the IO River SSO page.
    • Recipient — Paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
    • ACS (Consumer) URL Validator — Paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
    • ACS (Consumer) URL — Paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
    • Login URL — Paste the value copied from the Assertion Consumer Service URI field in the IO River SSO page.
  6. In the top-right corner, click More Actions and select SAML Metadata to download the XML metadata file.
  7. Upload this file to your IO River account as described in step #4 above.
  8. You can now assign users to this application.