Using Single Sign-on (SSO)

Overview

Single Sign-On (SSO) enables users to access Enterpret using your organization's existing identity credentials. Enterpret supports both OpenID Connect (OIDC) and SAML 2.0 protocols, making it compatible with most identity providers.

This guide covers everything you need to set up and manage SSO for your Enterpret workspace.

Prerequisites

Administrator access to both Enterpret and your identity provider
Authority to create applications in your identity provider
Email addresses in Enterpret that match your identity provider records

SSO Configuration Process

The setup involves two main parts:

Configure your identity provider
Configure Enterpret with your provider's details

Step 1: Configure Your Identity Provider

Common Configuration Values

Use these Enterpret-specific values when setting up your identity provider:

Setting	Value for SAML	Value for OIDC
Entity ID / Audience URI	`urn:amazon:cognito:sp:us-east-2_kLiRrPBis`	N/A
Reply URL / ACS URL	`https://enterpret-prod.auth.us-east-2.amazoncognito.com/saml2/idpresponse`	N/A
Sign-in Redirect URI	n/a	`https://enterpret-prod.auth.us-east-2.amazoncognito.com/oauth2/idpresponse`
Required Claims/Attributes	Email (mapped to user email)	Email (mapped to user email)

Provider-Specific Instructions

For detailed, step-by-step instructions for your specific provider:

When configuring your identity provider, you'll need to capture specific values to use in Enterpret:

For OIDC: Client ID, Client Secret, and Issuer URL
For SAML: Metadata URL

Step 2: Configure Enterpret

Click your organization logo in the bottom left corner
Select Workspace Settings
Navigate to SSO Settings
Click the Configure button
Select your identity provider type (OIDC or SAML)
Enter the values you obtained from your identity provider:
- For OIDC: Client ID, Client Secret, and Issuer URL
- For SAML: Metadata URL
Click Submit

IDP-Initiated SSO Configuration

To allow users to access Enterpret directly from your SSO portal:

Find the RelayState Parameter in Enterpret:
- Go to Workspace Settings > SSO Settings
- Copy the RelayState value shown
Add this value to your identity provider's configuration:
- For Okta: Enter as "Default RelayState" in SAML settings
- For Azure: Enter as "Default RelayState" in application settings

Paste this RelayState in your SSO settings to let users access Enterpret directly from your portal.

Testing Your Configuration

Before enforcing SSO, verify that it works correctly:

Log out of Enterpret
On the login page, click the SSO option
You should be redirected to your identity provider
After successful authentication, you should return to Enterpret

Advanced SSO Features

Enforcing SSO

Make SSO mandatory for all users in your organization:

Go to Workspace Settings > SSO Settings
Toggle Enforce SSO to on
Confirm your choice

Important: Test your SSO configuration thoroughly before enforcing it to avoid being locked out of your account.

User De-provisioning

Automatically remove access when users are deactivated in your identity provider.

Currently supported for:

Okta (Configuration Guide)

For other providers, please contact Enterpret support.

SCIM Provisioning

For automatic user provisioning and management:

Configure SCIM 2.0 with Okta

Troubleshooting

If you encounter issues with your SSO setup:

Verify email addresses match between systems
Check that all configuration values are entered correctly
Ensure users are assigned to the Enterpret application in your identity provider
Confirm proper attribute/claim mapping for email addresses

Need Help?

If you encounter issues not covered in this guide, please contact the Enterpret team. We're happy to help you configure SSO for your organization.

Okta <> Enterpret: OIDC SSO

User De-provisioning with Okta SSO

Configure SCIM 2.0 with Okta

Okta <> Enterpret: SAML SSO

Azure <> Enterpret: SAML SSO