Get in touchAbout Chatlayer

Single Sign-On (SAML SSO)

With SIngle Sign-On (SSO), your users can access Chatlayer through your organization's identity and access management (IAM) system.

SSO is a secure and user-friendly way of accessing our platform using your organization's identity.

Enable SSO in your Entreprise bot.

Single Sign-On (SAML SSO) is only available in the Enterprise pack or higher. Want to upgrade? Get in touch.

Our SSO solution is compliant with SAML 2.0. This allows you to configure a wide range of IAM systems like:

  • Azure Active Directory

  • Okta

  • OneLogin

  • Ping Identity

Set up your SAML SSO

With Azure AD

We'll guide you through the entire process of setting up SAML SSO through Azure Active Directory in a few steps.

You can also find out more about the setup process on the Azure AD documentation pages.

Create an app with users

To create an Azure Active Directory app:

  1. Go to the Azure portal: https://portal.azure.com.

  2. Open the Azure Active Directory service.

Open the Azure Active Directory service in your Azure portal.

  1. Follow the Enterprise applications menu entry.

  1. Create a new application by pressing the Create your own application button.

  2. A form will appear. Give the new application a fitting name. E.g. here, we called it 'Chatlayer'.

  3. Select the Non-gallery option.

Create your own Azure application.

  1. Assign users to your app following the Microsoft documentation.

Configure your SAML protocol

SAML (Security Assertion Markup Language) is a protocol for secure authentifications to applications.

  1. Open your Azure Portal.

  2. Open the Single sign-on tab.

  3. Select SAML.

Add an SAML method for SSO.

  1. A configuration window in 5 steps opens.

  2. Fill in the following fields to start:

    • For Identifier (Entity ID), paste https://auth.chatlayer.ai/auth/realms/Chatlayer

    • For User Attributes & Claims: keep the default values.

  1. Open another page to open Chatlayer.

  2. Under your Settings tab, click on Team.

Open your Team tab.

  1. Turn on the Enable SAML authentification toggle.

Enable SAML on Chatlayer.

  1. Fields will unroll underneath. Copy the link under Assertion consumer service URL (ACS) by clicking on the copy/paste icon to the right.

Copy the Assertion consumer service URL to enable SAML.

  1. Go back to your Azure portal.

  2. Under Assertion Consumer Service URL, paste the URL from Chatlayer.

  3. Under SAML Signing Certificate, click on Download to download the certificate.

Download the SAML Base64 certificate.

  1. Open the certificate on the side with a text editor.

  2. From the text editor, copy the value of the certificate.

  3. Back to Chatlayer, paste this value under Public certificate.

  4. Back to Azure: under Set up Chatlayer, copy and paste the Azure Login URL under the Sign on URL on Chatlayer.

  5. Do the same for the identifier: copy and paste the Azure AD Identifier under the Issuer field on Chatlayer.

Copy and paste the Login and Identifier from Azure to Chatlayer.

  1. On Chatlayer, you should have the following fields filled:

Copy and paste the needed fields on Chatlayer.

  1. Save your changes on Chatlayer.

  2. Save your changes on Azure AD.

It is now possible for members of your AD organization to login to the Chatlayer application.

We do not currently offer role-mapping of Azure AD roles to Chatlayer roles. You can find out more about roles and access control on our user management page.

With Okta

To set up SAML SSO through Okta:

  1. Create a new app integration in Okta.

  2. Select SAML 2.0.

Create an app with SAML 2.0 on Okta.

  1. Give the newly created SAML 2.0 app a name.

  1. Fill in the Single sign on URL as retrieved from Chatlayer (Assertion consumer service URL) and the Audience URI (https://auth.chatlayer.ai/auth/realms/Chatlayer)

  1. Select the following settings in the 'Feedback' step of the Okta configuration:

Require SAML SSO for all

At the bottom of your Team page, under your SAML single sign-on toggle, you have the option to turn on a Require SAML SSO authentification for all members.

Turn on this toggle

If you turn on this toggle, the only people that will have access to the bot are the ones that have an SSO.

Therefore, the toggles for SSO offer two options:

  • Either the first toggle is on, and the second toggle isn't: users that have SSO will be able to login to the bot and others just with their own credentials.

  • Or the two toggles are on: only users that have SSO will be able to login to your bot.

PreviousIdentity & AccessNextBilling & subscription

Last updated

Was this helpful?