Evolve Single Sign-On (SSO) FAQ

Overview

Evolve allows your users to log in via Single Sign On (SSO) using their Identity Provider (IdP) of choice. The following article answers frequently asked questions and provides additional information regarding enabling SSO in your Evolve instance.

Audience

All users

FAQ

Q. Which SSO providers are compatible with Evolve?

A. Evolve supports any SAML 2.0-compliant IdP (Okta, OneLogin, Google, and Azure) and other IdPs (ADFS and PingIdentity).

Q. What will the login process look like?

A. When Single Sign On is enabled, company users can log in with either their Evolve username/password or their company credentials via Sign in with SSO.


Q. What information do I need to get started?

A. To get started, submit a Help Center ticket. Please ensure you loop in an IT member from your team, or the system administrator for Single Sign On, who has the access and knowledge to configure Single Sign On within your company.

Additional Information

  • Evolve has customized instructions that can be requested for integrating with:
    • ADFS
    • Azure
    • Okta
    • Other IdPs: Your Evolve resource/support will provide you with your company-specific Evolve SP metadata to configure an Evolve Application in your IdP. The metadata will contain the Destination/Assertion Consumer Service URL, entity ID, and our certificate.
  • In your IdP configurations, Evolve requires the assertion to be signed and the Email Address to be passed as NameID. We recommend configuring the following attributes:
    • FirstName (user’s first name)
    • LastName (user’s last name)
  • Once you have configured your IdP, provide your Evolve resource with your IdP metadata so they can finalize the configurations for you to begin testing.
  • Evolve does not auto-provision users. To log in through SSO, users must already have an employee user profile in Evolve.
  • Companies can choose to have Single Sign On configured as the only access method for Evolve.
  • If forced SSO is not enabled, users must receive an invite to join and set a password before they can log in with SSO.
  • If you have forced SSO enabled, invitations are not required but are highly recommended. If invitations are sent, users will not be asked to create a password and will be authenticated directly into Evolve.
  • Please ensure that the email address attribute mapped to NameID in your IdP aligns with the email addresses created in Evolve on user profiles.
  • Deactivating a user in your IdP does not deactivate their user account in Evolve.
  • Evolve does not use relay states. 
  • Please submit a Help Center ticket to obtain more information on setting up SSO with Evolve, including instructions for specific providers.
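
The IdP-side requirements listed above (signed assertion, email address as NameID matching an existing Evolve profile, FirstName and LastName attributes) can be checked against a test assertion before you hand your IdP metadata over. The following is an added example, not Evolve's own tooling: the function name, the sample assertion and the set of Evolve profile emails are constructed for illustration, and the signature check only confirms that a Signature element is present, it does not validate it.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RECOMMENDED_ATTRS = ("FirstName", "LastName")

# Constructed sample, not real IdP output; the Signature element is an empty stand-in.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature/>
  <saml:Subject><saml:NameID>Jane.Doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, evolve_emails):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    tag = "{%s}Assertion" % NS["saml"]
    # Accept a bare Assertion or one wrapped in a samlp:Response.
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    # Presence check only: an enveloped signature is a direct child of Assertion.
    if assertion.find("ds:Signature", NS) is None:
        findings.append("assertion is not signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if "@" not in value:
        findings.append("NameID is missing or is not an email address")
    elif value not in evolve_emails:
        # No auto-provisioning: a NameID without a matching profile cannot log in.
        if value.lower() in {e.lower() for e in evolve_emails}:
            findings.append(f"NameID {value} differs from an Evolve profile email only by case")
        else:
            findings.append(f"NameID {value} has no Evolve profile")
    sent = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for attr in RECOMMENDED_ATTRS:
        if attr not in sent:
            findings.append(f"recommended attribute {attr} missing")
    return findings

if __name__ == "__main__":
    for finding in check_assertion(SAMPLE, {"jane.doe@example.com"}):
        print("FINDING:", finding)
```

Run it only on a test assertion captured from your own IdP. The case-difference finding is a precaution, since the article asks for the NameID to align with the profile email without saying how the comparison is made.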