In this article, you will find the following information:
Whitelisting
Users may need to work with their IT department to prevent any access issues caused by their organization’s cybersecurity policies. In the event that a user is experiencing challenges or seeing ‘connection error’ messages, whitelisting is the first thing they should try in order to resolve the issues.
If your organization restricts the domain names that are accessible from your network, please make sure all subdomains of our main domain a16s.com (*.a16s.com) are allowed so that you have uninterrupted access to our product.
If you need further help, please contact your Customer Success representative.
Data Privacy Policy
The ALICE Privacy Policy may be found here.
SSO Setup
This section describes how to set up SAML-based SSO authentication in ALICE.
Only organization administrators can perform SSO-related actions.
⚠️ Once SSO is configured, password-based authentication is disabled and all users in the organization can log in only via SSO.
Jump to the following sections:
Step 1: Prepare configuration in ALICE
Step 2: Identity Provider (IdP) configuration: AWS, Microsoft Azure, or Okta
Step 3: Finish the configuration in ALICE
Step 1: Prepare configuration in ALICE
1. Navigate to the Admin Panel by clicking your name in the upper right corner of the screen.
2. In the Admin Panel, click Settings and choose SSO Setup.
3. Note the Identifier and Reply URL - you will need this information to set up your IdP.
4. Keep this page open; you'll need to upload a configuration XML file from your IdP at the end.
Step 2: Identity Provider (IdP) configuration
Now, you need to register a new “Application” in your IdP configuration. Below we provide step-by-step guides for a few selected providers.
The following table maps the naming conventions between ALICE and the selected IdPs for the Identifier and Reply URL config options ALICE generated in the previous step. Select the links in the table to jump straight to the applicable sections.
ALICE | AWS | Microsoft Azure | Okta |
Identifier | Application SAML audience | Identifier | Audience URI |
Reply URL | Application ACS URL | Reply URL | Single sign-on URL |
AWS Configuration
The IAM Identity Center must be enabled to use it as an IdP. This section assumes the IAM Identity Center in your AWS account is already enabled.
If you have AWS Organizations enabled, it might be necessary to perform the following steps in the root account.
1. Log in to your AWS console and navigate to IAM Identity Center.
2. In the Applications section, click on the Add application button.
3. On the next screen, in the Setup preference section select I have an application I want to set up, in the Application type section select SAML 2.0 and click on Next button.
4. On the next screen
a) In the Configure application section you can name your application and add optional description.
b) Down on the page, in the Application metadata section, you must insert the information ALICE has generated for you earlier (see the mapping table above).
c) Download the SAML metadata file from the IAM Identity Center metadata section.
d) Confirm the configuration using the Submit button.
5. Next, you must configure additional attributes: on the application page, click Actions and select Edit attribute mappings.
6. Fill in the Subject, firstName and lastName attribute mappings:
- Subject=${user:email}
- firstName=${user:givenName}
- lastName=${user:familyName}
Microsoft Azure Configuration
1. Log in to the Microsoft Azure console and navigate to Enterprise applications.
2. Click on New application.
3. Name your application, select Integrate any other application you don’t find in the gallery and confirm with the Create button.
4. On the next screen select SAML SSO method.
5. Next, on the SAML setup page
a. Edit the Basic SAML Configuration section and insert the information ALICE has generated for you earlier (see the mapping table above).
b. Edit the Attributes & Claims section and add the firstName and lastName attributes. You can add a new attribute by clicking the Add new claim button and filling out the required fields.
- firstName=user.givenname
- lastName=user.surname
c. Download the Federation Metadata XML file from the SAML Certificates section.
Okta Configuration
1. Log in to the Okta Admin dashboard and navigate to Applications
2. Click on the Create App Integration button
3. Choose the SAML 2.0 option and click on Next button
4. On the next screen, name your Okta application and click on Next button
5. On the next screen
a. In the SAML Settings section insert the information ALICE has generated for you earlier (see the mapping table above)
b. In the Attributes Statements section add the firstName and lastName attributes as follows:
- firstName=user.firstName
- lastName=user.lastName
c. Confirm by clicking on the Next button
6. The Feedback page that follows is optional; click on the Finish button.
7. On the application page, on the Sign On tab, open the View SAML setup instructions page.
Copy the whole XML content from the Optional section at the bottom of the page and save it into a file.
Step 3: Finish the configuration in ALICE
When you finish your IdP configuration, no matter which provider you choose, you should have an XML file on your local computer.
Now, go back to the ALICE SSO setup page and upload the XML file in the Upload the configuration section and save it with Save configuration button.
Now log in to ALICE using your IdP to verify the configuration. With the first successful login from your IdP, the configuration will be fully saved and, from that point on, all users from your organization can log in only using SSO. If there is no successful login to your organization within 30 minutes after the SSO configuration is saved, we will assume that a misconfiguration is blocking your users from logging in and will revert to the original password-based authentication so that you can continue working with ALICE. You can then try to configure SSO again.