Skip to main content
All CollectionsKnowledge BaseAuthentication
Configuring enterprise single sign-on (SSO) or SAML
Configuring enterprise single sign-on (SSO) or SAML

Instructions for how to configure elvex to use your identity provider for authentication.

Updated over a week ago

SAML connections are only available to customers on elvex's Enterprise Tier. If you require SAML for your organization and we not on an Enterprise subscription, reach out to us at [email protected].

Enterprise companies that wish to use their identity provider (IdP) for enterprise SSO can do so by enabling a SAML connection for their company.

Enabling SSO/SAML

Administrators can head to Settings > SAML to configure their organization's SAML connection.

Step 1: Upload your IdP metadata XML file

Enabling SAML requires first uploading your IdP metadata XML file. How to generate this XML file is unique to the identity provider that you're using. You'll often need to create a custom SAML application and provide some information for the service provider (SP) which is elvex in this case. You can find the information you should need bye expanding "How should I configure elvex as a Service Provider (SP)?"

Important: Remember to configure attribute mappings

As the screenshot above hints at, you will need to configure attribute mappings on your side in order for elvex to correctly capture information.

Step 2: Configure allowed email domains

Under "elvex / Service Provider (SP)" you'll now need to provide the email domains that are permitted for your SAML connection. This setting is only relevant when users attempt to login to elvex directly via auth.elvex.ai. When they enter an email address, elvex will automatically determine if SAML is configured for this domain and will redirect the user to your IdP for authentication and then back to elvex.

Step 3: Activate the connection

Once you've completed the steps above, click "Activate SAML connection" and you'll see a notification telling you the connection is active. You'll now be able to test authentication using your IdP.

If you encounter issues, please reach out to us at [email protected].

Disabling SSO/SAML

To disable your SAML connection, simply navigate to Settings > SAML and click the "Disable SAML" button. You'll be asked to confirm before disabling the connection. You can always re-enable SAML at a later point in time.

FAQs

  • Do you support identity provider initiated SSO?

    Yes. This is enabled by default when you enable SAML for your company within elvex.

  • Can users also authenticate with elvex directly?

    Yes. When a user hits auth.elvex.ai, they'll first be prompted to enter in an email address. If that email matches one of the allowed domains you provided when creating the SAML connection, they will automatically be redirected to your IdP for authentication and then redirected back to elvex.

  • Can I disable other authentication methods (e.g. Google) in elvex after I enable SAML?

    No, unfortunately this is not possible.

  • How does user provisioning work with elvex and SAML?

    Users are auto-provisioned (sometimes referred to as just-in-time provisioning) when they first login using your identity provider. All new users to elvex will be automatically provisioned with the Creator role (see Roles and permissions). Administrators can always change an individual user's role afterwards.

  • Can I customize the role users are autoprovisioned with?

    No, this is not currently customizable. Administrators can change a user's role after they are initially provisioned.

  • What happens to users that were provisioned with SAML if I disable a SAML connection?

    Users who were auto-provisioned previously will remain after you disable your connection.

Did this answer your question?