Set up single sign-on (SSO) for your bot
With SSO, you can sign into your Ada dashboard using your organization's authentication tool, rather than having to type in your username and password every time you log in.
Setting up SSO requires work at different stages for both your Customer Success Manager (CSM) and your organization. Your CSM will set up Ada's Okta account to work with your organization's identity provider (IDP), and you will set up your organization's IDP. This topic walks you through the tasks you have to complete on your end. Once you have completed this process, you can use the same IDP for multiple bots.
Note
Ada uses Okta as a service provider (SP), but that doesn't mean you have to use Okta for your organization's identity provider (IDP).
After you have SSO set up, you will be able to go to the Ada login page and click Log in With SSO to log into your Ada dashboard. We do not currently support logging in directly from your IDP, so you may want to hide Ada in your IDP's dashboard when you're setting it up to avoid confusion.
Contact your Customer Success Manager so they can start setting up your IDP in Ada's Okta instance. Your CSM will provide you with two values:
ACS URL
Audience URI
You'll need these values when you configure your SAML application in the next step.
Create a SAML application in your IDP for Ada. Then, configure your SAML application with the following:
Assertion Consumer Service URL (aka Single Sign-On URL): use the
ACS URL
your CSM providedThe Recipient URL should also use the same
ACS URL
Entity ID (aka Audience URI): use the
Audience URI
your CSM providedName ID format:
email
Application Username:
email
Add three more user attributes in addition to Name ID:
email
,firstName
, andlastName
This example shows a completed SAML application configuration in Okta. Note that there's also a button to download a certificate, which you'll need in step 4. Different tools make the certificate available in different places.
Find your IDP's metadata. Again, different IDPs make this information available in different places.
As an example, this is how you can find the metadata in Okta:
In the metadata, find these two values:
entityID
Single Sign-On URL
Note
Some IDPs have different names for these values. The most reliable way to find them is to find an IDP Metadata
.xml
file. That file contains these values in a standardized format.This is how they might look in the
.xml
file. TheSingle Sign-On URL
is listed as theLocation
of theSingleSignOnService
forHTTP-POST
:Find your IDP's certificate, which should come in the form of a
.crt
,.cert
, or.pem
file.If you find a string that looks like this, paste it into a text editor and save it with a
.pem
file extension:-----BEGIN CERTIFICATE----- MIIDVjCCAj4CCQD7DEtIu02MpzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJV UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEQ blahblahblahyougettheidea1aYLG4r1w7QcnH8TYQb0ZqOTfTrl8HE+rD457zp 1QBTbbNWfiLLB0hAqkZuNormxaYRDb8rlAzDlargoVy/O4bxSiuoVrVTMxEkYYZ/ Ji3edZ7TXGbvp6TR9as+B8V2caeJ9TLmmtG1gg8mrsZSin+/ZtLZN8H3 -----END CERTIFICATE-----
Send your CSM the
entityID
andSingle Sign-On URL
values and certificate from your IDP. Your CSM can then complete the setup process on their end.To allow users to log in with SSO, assign them the Ada Support app in your IDP. Then, in your Ada dashboard, delete their existing accounts and add them again, selecting SSO as their login type. Users can use only one method to log into Ada (password or SSO), but not both. For more information, see Manage users and permissions.
Have any questions? Contact your Ada team—or email us at help@ada.support.