Skip to main content
All CollectionsSingle Sign-on (SSO)
Using Single Sign-on (SSO)
Using Single Sign-on (SSO)

Configuring your Identity Provider to sign-in to Enterpret

Team Enterpret avatar
Written by Team Enterpret
Updated over a week ago

Overview

Single Sign-On (SSO) enables users to access Enterpret using your organization's existing identity credentials. Enterpret supports both OpenID Connect (OIDC) and SAML 2.0 protocols, making it compatible with most identity providers.

This guide covers everything you need to set up and manage SSO for your Enterpret workspace.

Prerequisites

  • Administrator access to both Enterpret and your identity provider

  • Authority to create applications in your identity provider

  • Email addresses in Enterpret that match your identity provider records

SSO Configuration Process

The setup involves two main parts:

  1. Configure your identity provider

  2. Configure Enterpret with your provider's details

Step 1: Configure Your Identity Provider

Common Configuration Values

Use these Enterpret-specific values when setting up your identity provider:

Setting

Value for SAML

Value for OIDC

Entity ID / Audience URI

urn:amazon:cognito:sp:us-east-2_kLiRrPBis

N/A

Reply URL / ACS URL

https://enterpret-prod.auth.us-east-2.amazoncognito.com/saml2/idpresponse

N/A

Sign-in Redirect URI

n/a

https://enterpret-prod.auth.us-east-2.amazoncognito.com/oauth2/idpresponse

Required Claims/Attributes

Email (mapped to user email)

Email (mapped to user email)

Provider-Specific Instructions

For detailed, step-by-step instructions for your specific provider:

When configuring your identity provider, you'll need to capture specific values to use in Enterpret:

  • For OIDC: Client ID, Client Secret, and Issuer URL

  • For SAML: Metadata URL

Step 2: Configure Enterpret

  1. Click your organization logo in the bottom left corner

  2. Select Workspace Settings

  3. Navigate to SSO Settings

  4. Click the Configure button

  5. Select your identity provider type (OIDC or SAML)

  6. Enter the values you obtained from your identity provider:

    • For OIDC: Client ID, Client Secret, and Issuer URL

    • For SAML: Metadata URL

  7. Click Submit

IDP-Initiated SSO Configuration

To allow users to access Enterpret directly from your SSO portal:

  1. Find the RelayState Parameter in Enterpret:

    • Go to Workspace Settings > SSO Settings

    • Copy the RelayState value shown

  2. Add this value to your identity provider's configuration:

    • For Okta: Enter as "Default RelayState" in SAML settings

    • For Azure: Enter as "Default RelayState" in application settings

Paste this RelayState in your SSO settings to let users access Enterpret directly from your portal.

Testing Your Configuration

Before enforcing SSO, verify that it works correctly:

  1. Log out of Enterpret

  2. On the login page, click the SSO option

  3. You should be redirected to your identity provider

  4. After successful authentication, you should return to Enterpret

Advanced SSO Features

Enforcing SSO

Make SSO mandatory for all users in your organization:

  1. Go to Workspace Settings > SSO Settings

  2. Toggle Enforce SSO to on

  3. Confirm your choice

Important: Test your SSO configuration thoroughly before enforcing it to avoid being locked out of your account.

User De-provisioning

Automatically remove access when users are deactivated in your identity provider.

Currently supported for:

For other providers, please contact Enterpret support.

SCIM Provisioning

For automatic user provisioning and management:

Troubleshooting

If you encounter issues with your SSO setup:

  • Verify email addresses match between systems

  • Check that all configuration values are entered correctly

  • Ensure users are assigned to the Enterpret application in your identity provider

  • Confirm proper attribute/claim mapping for email addresses

Need Help?

If you encounter issues not covered in this guide, please contact the Enterpret team. We're happy to help you configure SSO for your organization.

Did this answer your question?