Single Sign-On (SAML SSO)
With SIngle Sign-On (SSO), your users can access Chatlayer through your organization's identity and access management (IAM) system.
Last updated
With SIngle Sign-On (SSO), your users can access Chatlayer through your organization's identity and access management (IAM) system.
Last updated
SSO is a secure and user-friendly way of accessing our platform using your organization's identity.
Single Sign-On (SAML SSO) is only available in the Enterprise pack or higher. Want to upgrade? Get in touch.
Our SSO solution is compliant with SAML 2.0. This allows you to configure a wide range of IAM systems like:
Azure Active Directory
Okta
OneLogin
Ping Identity
We'll guide you through the entire process of setting up SAML SSO through Azure Active Directory in a few steps.
You can also find out more about the setup process on the Azure AD documentation pages.
To create an Azure Active Directory app:
Go to the Azure portal: https://portal.azure.com.
Open the Azure Active Directory service.
Follow the Enterprise applications menu entry.
Create a new application by pressing the Create your own application button.
A form will appear. Give the new application a fitting name. E.g. here, we called it 'Chatlayer'.
Select the Non-gallery option.
Assign users to your app following the Microsoft documentation.
SAML (Security Assertion Markup Language) is a protocol for secure authentifications to applications.
Open your Azure Portal.
Open the Single sign-on tab.
Select SAML.
A configuration window in 5 steps opens.
Fill in the following fields to start:
For Identifier (Entity ID), paste https://auth.chatlayer.ai/auth/realms/Chatlayer
For User Attributes & Claims: keep the default values.
Open another page to open Chatlayer.
Under your Settings tab, click on Team.
Turn on the Enable SAML authentification toggle.
Fields will unroll underneath. Copy the link under Assertion consumer service URL (ACS) by clicking on the copy/paste icon to the right.
Go back to your Azure portal.
Under Assertion Consumer Service URL, paste the URL from Chatlayer.
Under SAML Signing Certificate, click on Download to download the certificate.
Open the certificate on the side with a text editor.
From the text editor, copy the value of the certificate.
Back to Chatlayer, paste this value under Public certificate.
Back to Azure: under Set up Chatlayer, copy and paste the Azure Login URL under the Sign on URL on Chatlayer.
Do the same for the identifier: copy and paste the Azure AD Identifier under the Issuer field on Chatlayer.
On Chatlayer, you should have the following fields filled:
Save your changes on Chatlayer.
Save your changes on Azure AD.
It is now possible for members of your AD organization to login to the Chatlayer application.
We do not currently offer role-mapping of Azure AD roles to Chatlayer roles. You can find out more about roles and access control on our user management page.
To set up SAML SSO through Okta:
Create a new app integration in Okta.
Select SAML 2.0.
Give the newly created SAML 2.0 app a name.
Fill in the Single sign on URL as retrieved from Chatlayer (Assertion consumer service URL) and the Audience URI (https://auth.chatlayer.ai/auth/realms/Chatlayer)
Select the following settings in the 'Feedback' step of the Okta configuration:
At the bottom of your Team page, under your SAML single sign-on toggle, you have the option to turn on a Require SAML SSO authentification for all members.
If you turn on this toggle, the only people that will have access to the bot are the ones that have an SSO.
Therefore, the toggles for SSO offer two options:
Either the first toggle is on, and the second toggle isn't: users that have SSO will be able to login to the bot and others just with their own credentials.
Or the two toggles are on: only users that have SSO will be able to login to your bot.
