# SSO using SAML

Single Sign-On (SSO) allows users to log in once and gain access to multiple applications without needing to re-enter credentials. The steps may vary depending on the platform, but here’s a general guide to setting up SSO in your account:

**Path to Enable SSO in Uzera**\
Settings Module → Security → Enable SSO

### **Configuring SAML on Okta**

#### **1. Add a New SAML Application**

1. Log in to your **Okta Admin Console** (<https://admin.okta.com>).
2. Go to **Applications** > **Applications**.
3. Click **Create App Integration**.
4. Select **SAML 2.0** and click **Next**.
5. Enter an **App name** (e.g., "Uzera") and optionally upload a logo.
6. Click **Next**.

#### **2. Configure SAML Settings**

1. **Single Sign-On URL (ACS URL)** – Enter the **Assertion Consumer Service (ACS) URL** provided by Uzera.
2. **Audience URI (Entity ID)** – Enter the **Entity ID** provided by Uzera.
3. **Name ID format** – Choose **EmailAddress** as per Uzera requirements.
4. **Application username format** – Set as **Okta username** or **Email**.
5. Click **Next**.

#### **3. Configure Attribute Statements (Claims)**

1. Add any required attributes for authentication. Common ones include:
   * **email** → `user.email`
   * **firstName** → `user.firstName`
   * **lastName** → `user.lastName`
2. Click **Next**.

#### **4. Assign Users to the Application**

1. Go to **Assignments** > **Assign Users or Groups**.
2. Select users or groups that should have access.
3. Click **Save**.

#### **5. Configure Okta Metadata in Uzera**

1. Go to the **Sign On** tab of your SAML app in Okta.
2. Scroll to **SAML Signing Certificates**.
3. Download the **Metadata XML** file.
4. Provide this XML file to Uzera.

#### **6. Test SSO Integration**

1. Click **Test** in Okta, or try logging into the application via Okta SSO.
2. If authentication is successful, the setup is complete.

#### **Troubleshooting Tips**

* Ensure the **ACS URL and Entity ID** match exactly the values provided by Uzera.
* Check attribute mappings in **Okta and Uzera**.
* Verify that **assigned users** are active in Okta.
* Use **Okta logs** to debug any authentication issues.
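
A read-only diagnostic for the tips above, added here as an example and not Uzera's or Okta's own code: it decodes a `SAMLResponse` form value captured from your own test login and lists where it disagrees with the ACS URL, Entity ID, Name ID format and attribute names configured in the steps above. The URLs and the sample response are constructed placeholders, and the default `required_attrs` list is an assumption taken from the common mappings in step 3.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed placeholders; substitute the ACS URL and Entity ID Uzera gives you.
ACS_URL = "https://sp.example.com/saml/acs"
ENTITY_ID = "https://sp.example.com/saml/metadata"
# Constructed response: Audience has a trailing slash and lastName is not sent.
SAMPLE_XML = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    Destination="{ACS_URL}">
  <a:Assertion>
    <a:Subject><a:NameID Format="{EMAIL_FORMAT}">jane@example.com</a:NameID></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>{ENTITY_ID}/</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement>
      <a:Attribute Name="email"><a:AttributeValue>jane@example.com</a:AttributeValue></a:Attribute>
      <a:Attribute Name="firstName"><a:AttributeValue>Jane</a:AttributeValue></a:Attribute>
    </a:AttributeStatement>
  </a:Assertion>
</p:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_response(b64_response, acs_url, entity_id,
                   required_attrs=("email", "firstName", "lastName")):
    """List mismatches between a captured SAMLResponse and the SP's expected values.
    Diagnostic only: no signature validation, never a basis for trusting a login."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml)
    problems = []
    # Exact string comparison: case, scheme and trailing slashes all matter.
    if root.get("Destination") != acs_url:
        problems.append("Destination does not equal the ACS URL")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain the Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    sent = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    problems += [f"attribute {n!r} missing" for n in required_attrs if n not in sent]
    return problems

if __name__ == "__main__":
    for problem in check_response(SAMPLE_B64, ACS_URL, ENTITY_ID):
        print("MISMATCH:", problem)
```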

### **Configuring SAML on Microsoft Entra ID (Azure AD)**

#### **1. Add an Enterprise Application**

1. Go to the [**Microsoft Entra ID portal**](https://entra.microsoft.com/).
2. Navigate to **Enterprise Applications** > **+ New Application**.
3. Click on **Create your own application**, enter a name, and select **Integrate any other application you don’t find in the gallery (Non-gallery)**.
4. Click **Create** and wait for the app to be added.

#### **2. Configure Single Sign-On (SSO)**

1. In the application settings, go to **Single sign-on**.
2. Select **SAML** as the authentication method.

#### **3. Set Up Basic SAML Configuration**

1. Click **Edit** under the **Basic SAML Configuration** section.
2. Enter the following details provided by Uzera:
   * **Identifier (Entity ID)** – Provided by the application.
   * **Reply URL (Assertion Consumer Service URL)** – Provided by the application.
   * **Sign-on URL** – (Optional) The URL where users initiate login.
   * **Relay State** – (Optional) Used for deep linking.
3. Click **Save**.

#### **4. Configure User Attributes & Claims**

1. Click **Edit** in the **Attributes & Claims** section.
2. Configure attributes as per application requirements (claims should be `user.mail`).
3. Add or modify claims if needed.

#### **5. Configure SAML Signing Certificate**

1. Download the **Federation Metadata XML**.
2. Provide it to Uzera to complete the setup.

#### **6. Assign Users & Test**

1. Go to **Users and Groups** and assign users or groups to the application.
2. Test SSO by navigating to the **Test** section in the SAML configuration.

### **Configuring SAML on Google Workspace**

#### **1. Add a New SAML App**

1. Go to **Google Admin Console** ([admin.google.com](https://admin.google.com)).
2. Navigate to **Apps** > **Web and mobile apps**.
3. Click **Add App** > **Add custom SAML app**.
4. Enter an **App name** and click **Continue**.

#### **2. Download Google SSO Metadata**

1. In the **Google Identity Provider details** section:
   * Download the **IDP metadata** or copy the **SSO URL, Entity ID, and Certificate**.
2. Click **Continue**.

#### **3. Configure Service Provider Details**

1. Enter the **ACS URL (Assertion Consumer Service URL)** and **Entity ID** provided by Uzera.
2. Choose **Name ID format** (default: `EMAIL`).
3. Click **Continue**.

#### **4. Configure Attribute Mapping**

1. Add **attribute mappings** based on what Uzera requires (e.g., `email`, `first name`, `last name`).
2. Click **Finish**.

#### **5. Enable the SAML App for Users**

1. Go to the **SAML app settings**.
2. Under **User Access**, enable the app for **Everyone** or **specific groups**.

#### **6. Test and Verify SSO**

1. Attempt to log in via **Google SSO** using the configured app.
2. If authentication is successful, the setup is complete.

