Configuring Single Sign-On

Configuring Single Sign-On#

This guide explains how to configure Single Sign-On (SSO) for your organization. SSO allows your users to log in to Adverity using their corporate credentials, which simplifies the login process and improves security.

Important

This feature is not enabled by default. To use SSO, please contact your Account Manager.

Introduction#

You can integrate Adverity with your existing Identity Provider (IdP) to allow users to log in with their corporate credentials.

Supported protocols#

Adverity supports the following SSO protocols:

  • SAML v2 - A widely used protocol in enterprise settings, supported by IdPs such as Azure Active Directory and Google Workspace.

  • OAuth - Commonly used by social media platforms and other services like Facebook, Dropbox, and Google.

  • LDAP

  • OpenID

Adverity’s primary SSO integration uses the SAML v2 protocol. Support for other protocols, such as OAuth, may be available upon request.

User roles and permissions#

When a user logs in to Adverity through SSO, they are assigned a role with a defined set of permissions. You can customize the configuration of roles and permissions to fit your needs by using either a static set of permissions for all users, or a dynamic assignment based on attributes provided by your IdP, such as department or job title.

For example, you could configure dynamic assignment to assign different permissions based on user attributes, such as the following:

  • General access: All users from your domain @clientdomain.com are granted permission to view dashboards in Marketing Reporting.

  • Specific access: Users with a specific attribute (e.g., Department: Marketing) also receive access to Data Integration with Datastream Manager and Administrator rights.

At a minimum, your IdP must provide the user’s first name, last name, and email address.

For more information, see Managing user permissions.

Prerequisites#

Before you configure SSO, agree on a role and permission assignment logic with your Adverity account manager.

Configuring Single Sign-On#

To configure SSO for your organization, follow these steps:

  1. In your IdP, configure the following endpoints:

    Entity ID

    A globally unique name that identifies the service provider (Adverity) to your IdP.

    • Adverity: https://<hostname>/saml/metadata/

    • Explore & Present: https://<hostname>/saml/metadata

    ACS (Assertion Consumer Service) URL

    The endpoint on Adverity where the IdP sends the SAML assertion after successful authentication.

    • Adverity: https://<hostname>/complete/saml/

    • Explore & Present: https://<hostname>/saml/SSO

    Start URL

    The URL where users are redirected after successful authentication.

    • Explore & Present: https://<hostname>/auth/sso

  2. Provide the separate IdP XML metadata files for Adverity and for Explore & Present to your Adverity account manager.

  3. Allow 48 hours for Adverity to complete the configuration.

Note

In the URLs above, replace <hostname> with your custom Adverity domain, such as <identifier>.eu.adverity.com, <identifier>.us.adverity.com, or <identifier>.adverity.com.

Contents