Single Sign-On (SSO) Configuration

Overview

Single Sign-On (SSO) enables users to access multiple applications with one set of credentials. If your organization has a SSO setup, it can be configured to work with Avela.

SSO is available with an additional fee. Please work with your account manager or customer support representative to add this to your proposal or order form.

Supported Standards

Avela supports SAML 2.0 (Security Assertion Markup Language) for SSO implementation.

Prerequisites

Before configuring SSO, ensure you have:

1. Admin access to your Identity Provider (IdP)
2. Admin access to Avela
3. Required SAML configuration details from your IdP

Required Configuration Details

URLs

Your IdP must provide:

• Sign In URL (Required): The endpoint where users authenticate
• Sign Out URL (Optional): The logout endpoint. If not specified, Sign In URL will be used

Certificate

• X509 Signing Certificate: Your SAMLP server's public key
  • Accepted formats: PEM or CER
  • Used to verify SAML assertion signatures
  • Must be valid and not expired

Configuration Steps

1. Identity Provider Setup
   • Configure Avela as a Service Provider (SP) in your IdP
   • Set up user attributes mapping
   • Configure sign-in and sign-out URLs
   • Generate and configure the X509 certificate
2. Avela Configuration
   • Share your URLs and certificates with the Avela team

Note - sometimes this is done fastest with a member of the Avela team to both setup and complete an end-to-end test.

Testing

Before rolling out to all users, we recommend testing this in a sandbox environment. If you are doing this before your launch, test the configuration in a test environment and production environment. If you are rolling this out after your production environment has been rolled out, we recommend careful coordination with your staff to manage the roll out to SSO.