Overview:
Configure SAML 2.0 SSO for Enterprise accounts to allow centralized authentication.
Steps:
1. Sign in as an Enterprise admin and request SSO activation from customer success.
2. In your Identity Provider (e.g., Okta, Azure AD), create a new SAML 2.0 application for Laywork.
3. In the SSO settings, set the Entity ID (Audience URI) to https://<your-domain>/api/sso/metadata/ and the ACS URL to https://<your-domain>/api/sso/acs/.
4. Ensure the required user attributes (email, first_name, last_name) are mapped in your IdP.
5. Assign users to the SSO application and upload your IdP’s metadata file to Laywork’s SSO configuration.
Tips & Best Practices:
Test SSO in a staging environment before rolling out to all users.
Keep your IdP’s metadata file up to date to avoid authentication failures.
Troubleshooting / FAQs:
“Invalid SAML response”: Verify your ACS URL and Entity ID match exactly in both systems.
Users not assigned? Confirm user assignments in your IdP’s application settings.
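For the “Invalid SAML response” case above, this added example (not Laywork's own code) compares a decoded SAML response captured during a test login against the Entity ID and ACS URL from the steps and checks for the required attributes. The sso.example.com domain, the sample response, and the assumption that the attributes are sent under the names email, first_name and last_name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the IdP sends the attributes under exactly these names.
REQUIRED_ATTRS = {"email", "first_name", "last_name"}

def diagnose(response_xml, entity_id, acs_url):
    """List config mismatches in a decoded SAML response (no signature or time checks)."""
    root = ET.fromstring(response_xml)
    problems = []
    # Exact string comparison: a missing trailing slash or http vs https counts.
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} != Entity ID {entity_id!r}")
    targets = {"Response Destination": root.get("Destination")}
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is not None:
        targets["SubjectConfirmationData Recipient"] = scd.get("Recipient")
    for label, value in targets.items():
        if value is not None and value != acs_url:
            problems.append(f"{label} {value!r} != ACS URL {acs_url!r}")
    sent = {a.get("Name") for a in root.findall(".//a:Attribute", NS)}
    missing = sorted(REQUIRED_ATTRS - sent)
    if missing:
        problems.append(f"missing attributes: {missing}")
    return problems

# Constructed sample: ACS URL lacks the trailing slash and last_name is not mapped.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sso.example.com/api/sso/acs">
  <a:Assertion>
    <a:Subject><a:SubjectConfirmation>
      <a:SubjectConfirmationData Recipient="https://sso.example.com/api/sso/acs"/>
    </a:SubjectConfirmation></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://sso.example.com/api/sso/metadata/</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement>
      <a:Attribute Name="email"><a:AttributeValue>a@example.com</a:AttributeValue></a:Attribute>
      <a:Attribute Name="first_name"><a:AttributeValue>A</a:AttributeValue></a:Attribute>
    </a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    for p in diagnose(SAMPLE, "https://sso.example.com/api/sso/metadata/",
                      "https://sso.example.com/api/sso/acs/"):
        print("MISMATCH:", p)
```

The SAMLResponse form field posted to the ACS URL is base64-encoded; decode it before passing it in.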