Documentation – SSO / SAML Configuration

The SSO (Single Sign-On) section allows you to configure centralized authentication based on SAML (Security Assertion Markup Language). This lets your users log in through their Identity Provider (IdP) instead of entering an application password.


Access to the SSO Tab

This tab is only visible if your subscription includes SSO. It is accessible only to the account owner.


🛠️ Configuration Settings

✅ Enable SSO Login

Purpose: Enable or disable SSO mode for this account.

  • Enabled: Users linked to this account will be redirected to their configured IdP when logging in. Authentication is handled via SAML, without a local password.

  • Disabled: Default login (email + application password) is used.

📁 Upload XML Metadata File

Purpose: Manually upload the XML metadata file provided by your IdP.

  • Enabled: Allows direct upload of a .xml file containing the SAML configuration.

  • Disabled: Displays the Metadata URL field, used if you prefer to provide a direct link to your IdP-hosted metadata.

📅 You must either upload the XML configuration file or provide the metadata URL — one of the two is required to complete the configuration.

🔗 Metadata URL

Purpose: Provide the URL where the application can automatically retrieve the IdP’s SAML metadata.

Example: https://trial-1392317.okta.com/app/.../sso/saml/metadata

This URL is usually available in your IdP’s management interface (e.g., Okta, Azure AD, OneLogin).

🤑 Service Provider Entity ID

Purpose: Unique identifier for your application (SP - Service Provider) used in SAML communication. Recognized by the IdP. Example: AW-MY-APP

📅 ACS URL (Assertion Consumer Service URL)

Purpose: Specifies where the IdP should send the SAML response after successful authentication. The URL is predefined in our SSO interface — simply copy/paste it into your IdP configuration.

🔀 Single Logout URL (optional)

Purpose: Allows configuration of Single Logout (SLO). When enabled, the user logs out from both the application and the IdP. The URL is predefined — copy/paste it into your IdP configuration.

🧬 Mapping the "email" attribute

Purpose: Define the IdP attribute used to populate the email field in the app.

String format: EmailAddress

"EmailAddress" indicates that the EmailAddress attribute from the IdP will be used for the email field in the app.


📄 Generating Service Provider (SP) Metadata

Once all fields are completed and saved, you can retrieve the generated configuration:

  • Preview XML: Displays a preview of the generated XML configuration.

  • Download XML: Downloads the XML file to import into your IdP.


🔗 Best Practices

  • Always ensure that the Entity ID, ACS URL, and attributes match your IdP settings.

  • Download and install the generated Metadata XML file into your IdP for a complete and secure connection (when possible).


📘 SAML SSO Integration Example with Okta

👨‍💻 Okta Configuration Steps (IdP)

  1. Access the Okta Admin Console. Login: https://<your-okta-domain>.okta.com/admin

  2. Create a new SAML App

  • Go to: Applications > Applications > Create App.

  • Select SAML 2.0 as the sign-in method.

Step 1 – General Settings

  • App Name: OptiValue.ai

  • (Optional) Add a logo

  • Click Next

Step 2 – SAML Settings

Use the following fields based on your service (application):

| Okta Field | Value |
|---|---|
| Single sign on URL | Use the 'ACS URL' from the OptiValue.ai SSO tab |
| Audience URI (SP Entity ID) | Unique identifier (e.g., AW-MY-APP) |
| Name ID format | EmailAddress |
| Application username | Email |

  • ✅ Check: Use this for Recipient URL and Destination URL

Additional Attributes (Attribute Statements)

| Name | Format | Value |
|---|---|---|
| email | Unspecified or blank | user.email |

Click Next

Step 3 – Assignments & Finalization

  • Assign the app to the appropriate users or groups.

🔗 Get Okta Metadata

  • After creating the app, click it from the list

  • Go to the Sign On tab > View SAML setup instructions

  • Copy the Metadata URL or download the XML file

🛠️ OptiValue.ai Integration

In the SSO interface:

  • Upload the Okta XML file or paste the Metadata URL.

App Field Mapping:

| Application Field | Okta Source |
|---|---|
| Metadata URL | From Okta |
| SP Entity ID | AW-MY-APP |
| ACS URL | Auto-generated |
| Logout URL | Optional |
| Email Mapping | email (defined in attributes) |

📙 SAML SSO Integration Example with Azure AD Entra

👨‍💻 Azure AD Configuration Steps (IdP)

  1. Access the Azure Admin Portal. Login: https://portal.azure.com, then go to Azure Active Directory > Enterprise Applications

  2. Create a new Enterprise Application

  • Click + New Application

  • Choose Create your own application

  • Name it (e.g., OptiValue.ai)

  • Select Integrate any other application not in the gallery

Step 3 – Configure Single Sign-On

  • In the app page, go to Single Sign-On > SAML

Fill the following fields:

| Azure AD Field | Value |
|---|---|
| Identifier (Entity ID) | Same as in app (e.g., OV-MY-APP) |
| Reply URL (ACS URL) | Use the ACS URL from OptiValue.ai |
| Logout URL | Optional |

Add Claims:

| Name | Azure AD Value |
|---|---|
| email | user.mail |

Step 4 – Assignments & Finalization

  • Go to Users and Groups

  • Add users or groups to the application

🔗 Get Azure AD Metadata

  • In the app SAML config, click Download Metadata

  • Use the XML file in OptiValue.ai configuration

🛠️ OptiValue.ai Integration

In the SSO tab:

  • Upload the Azure AD XML file or paste the Metadata URL

App Field Mapping:

| Application Field | Azure Source |
|---|---|
| Metadata URL | Azure XML File |
| SP Entity ID | OV-MY-APP |
| ACS URL | Auto-generated |
| Logout URL | Auto-generated if enabled |
| Email Mapping | email (matches Azure attribute) |

🔎 Final Check in OptiValue.ai

Once your configuration is saved:

  • A new section appears to Download OptiValue.ai SP Metadata XML

  • Import this file into your IdP to establish a secure SSO connection

✅ Final Verifications

  • Ensure "email" attribute is properly mapped

  • Test SSO login: log out and reconnect

  • You should be redirected to your IdP and logged in without entering a local password
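
If the test login fails, the usual cause is a mismatch between the values above and what the IdP actually sends. The following is an added example (not OptiValue.ai code) that takes the base64 SAMLResponse form field captured from the browser's POST to the ACS URL and compares its Destination, Recipient, Audience and email attribute with your SP settings. It assumes an unencrypted assertion; the sample response, host names and function name are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (hypothetical hosts; signature omitted).
SAMPLE_XML = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.example.test/acs">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://app.example.test/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>AW-MY-APP</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="email">
      <saml:AttributeValue>user@example.test</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_response(b64_response, sp_entity_id, acs_url, email_attr):
    """Compare a captured SAMLResponse with the SP settings; return findings.
    Diagnostic only: the XML signature is NOT verified, so this must never
    decide whether a login is accepted.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match the ACS URL")
    recipients = {e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if acs_url not in recipients:
        findings.append("Recipient does not match the ACS URL")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)}
    if sp_entity_id not in audiences:
        findings.append("Audience does not contain the SP Entity ID")
    values = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == email_attr
              for v in a.findall("saml:AttributeValue", NS)]
    if not any(values):
        findings.append(f"no value for mapped attribute {email_attr!r}")
    return findings
```

With the sample, a mapping of "email" returns no findings, while a mapping of "EmailAddress" reports the missing attribute because the IdP sends it under the name "email".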