Skip to main content

Set up single sign-on (SSO) for your bot

With SSO, you can sign into your Ada dashboard using your organization's authentication tool, rather than having to type in your username and password every time you log in.

Setting up SSO requires work at different stages for both your Ada representative and your organization. Your Ada representative will set up Ada's Okta account to work with your organization's identity provider (IDP), and you will set up your organization's IDP. This topic walks you through the tasks you have to complete on your end. Once you have completed this process, you can use the same IDP for multiple bots.

note

Ada uses Okta as a service provider (SP), but that doesn't mean you have to use Okta for your organization's identity provider (IDP).

After you have SSO set up, you will be able to go to the Ada login page and click Log in With SSO to log into your Ada dashboard. We do not currently support logging in directly from your IDP, so you may want to hide Ada in your IDP's dashboard when you're setting it up to avoid confusion.

  1. Contact your Ada representative so they can start setting up your IDP in Ada's Okta instance. They will provide you with two values:

    • ACS URL

    • Audience URI

    You'll need these values when you configure your SAML application in the next step.

  2. Create a SAML application in your IDP for Ada. Then, configure your SAML application with the following:

    • Assertion Consumer Service URL (aka Single Sign-On URL): use the ACS URL your Ada representative provided

      • The Recipient URL should also use the same ACS URL
    • Entity ID (aka Audience URI): use the Audience URI your Ada representative provided

    • Name ID format: email

    • Application Username: email

    • Add three more user attributes in addition to Name ID: email, firstName, and lastName

    This example shows a completed SAML application configuration in Okta. Note that there's also a button to download a certificate, which you'll need in step 4. Different tools make the certificate available in different places.

  3. Find your IDP's metadata. Again, different IDPs make this information available in different places.

    As an example, this is how you can find the metadata in Okta:

    In the metadata, find these two values:

    • entityID

    • Single Sign-On URL

    note

    Some IDPs have different names for these values. The most reliable way to find them is to find an IDP Metadata .xml file. That file contains these values in a standardized format.

    This is how they might look in the .xml file. The Single Sign-On URL is listed as the Location of the SingleSignOnService for HTTP-POST:

  4. Find your IDP's certificate, which should come in the form of a .crt, .cert, or .pem file.

    If you find a string that looks like this, paste it into a text editor and save it with a .pem file extension:

    -----BEGIN CERTIFICATE-----
    MIIDVjCCAj4CCQD7DEtIu02MpzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJV
    UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEQ
    blahblahblahyougettheidea1aYLG4r1w7QcnH8TYQb0ZqOTfTrl8HE+rD457zp
    1QBTbbNWfiLLB0hAqkZuNormxaYRDb8rlAzDlargoVy/O4bxSiuoVrVTMxEkYYZ/
    Ji3edZ7TXGbvp6TR9as+B8V2caeJ9TLmmtG1gg8mrsZSin+/ZtLZN8H3
    -----END CERTIFICATE-----
  5. Send your Ada representative the entityID and Single Sign-On URL values and certificate from your IDP. They can then complete the setup process on their end.

  6. To allow users to log in with SSO, assign them the Ada Support app in your IDP. Then, in your Ada dashboard, delete their existing accounts and add them again, selecting SSO as their login type. Users can use only one method to log into Ada (password or SSO), but not both. For more information, see Manage users and permissions.


Have any questions? Contact your Ada team—or email us at .