Ally offers a variety of login methods to meet your security needs. We currently support all generally available SAML identity providers, including Google, ADFS, Okta, OneLogin, Azure AD, etc. The process is simple, and setup can be completed in a few short steps.

Definition: SAML stands for Security Assertion Markup Language and is used by businesses to pass authentication information between identity providers and service providers.

Definition: SSO stands for Single Sign-on and is used by companies to facilitate account management by using one set of credentials for multiple applications.

Steps to set up SSO

  1. Log in to Ally.io using an Admin account
  2. Using the navigation bar on the left of the screen, select “Admin” followed by “Integrations”
  3. Scroll to the “Authentication” section, select “Single Sign-On” and click “Enable”

After you have selected “Enable,” a new screen will appear with the information you need to create an Ally App in your Single Sign-on system. 

For more detailed information on creating an Ally App, check out our articles on the following SSO Applications:

  1. Google
  2. ADFS
  3. Okta
  4. OneLogin
  5. Azure Active Directory
  6. JumpCloud

SAML Enforcement

For added security, SAML login can be enforced, meaning that users will have to log in via your chosen SSO. You can enable this by selecting “Force your team to log in via your SSO provider” while configuring. If enforcement is enabled, all users (new and existing) have to log in via SAML SSO.

How SAML SSO connects to New Users

If an existing user does not have an account with their identity provider, they will not be able to access their existing Ally account, and a new account would be created when they log in via SAML (the existing Ally user and OKRs will still stay in the system).

When the email returned in the response does not match any existing users in Ally, we will provision new user accounts in your Ally Organization. You would then transfer ownership of their OKRs from the old non-SAML SSO user to the new SAML SSO provisioned user.

How SAML SSO connects to Existing Users

When the connection is configured, the SAML responses sent from your server will have the email address of the user logging in. If it matches an existing user in your organization, they will be automatically logged into their existing accounts with their existing OKRs.
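Because both the new-user and existing-user behaviour above depend on the email in the SAML response, it helps to compare your Ally user list with your identity provider's user list before enabling enforcement. The script below is an added example, not Ally's own code; the function names and the sample addresses are hypothetical, and it assumes you have both lists available as plain email addresses.

```python
# Added example: pre-enforcement audit of how email matching would treat each account.
# ALLY_USERS and IDP_USERS are constructed sample data, not real exports.
ALLY_USERS = ["alice@example.com", "Bob@Example.com", "carol@example.com"]
IDP_USERS = ["alice@example.com", "bob@example.com", "dave@example.com"]


def normalize(email):
    """Trim and lowercase; used only to spot near-misses, not to assert a match."""
    return email.strip().lower()


def audit_email_matching(ally_emails, idp_emails):
    """Classify accounts by comparing Ally user emails with IdP emails.

    Assumption: the page does not say whether the comparison ignores case, so
    addresses that differ only by case or whitespace are reported separately
    for manual review instead of being counted as matches.
    """
    idp_exact = set(idp_emails)
    idp_by_norm = {normalize(e): e for e in idp_emails}
    ally_norm = {normalize(e) for e in ally_emails}

    report = {
        "exact_match": [],           # logs in to the existing account and OKRs
        "review_case_or_space": [],  # (ally_email, idp_email) pairs to fix first
        "no_idp_identity": [],       # cannot reach the existing account via SSO
        "would_be_provisioned": [],  # IdP users who get a new Ally account
    }
    for email in ally_emails:
        if email in idp_exact:
            report["exact_match"].append(email)
        elif normalize(email) in idp_by_norm:
            report["review_case_or_space"].append((email, idp_by_norm[normalize(email)]))
        else:
            report["no_idp_identity"].append(email)
    for email in idp_emails:
        if normalize(email) not in ally_norm:
            report["would_be_provisioned"].append(email)
    return report


if __name__ == "__main__":
    for bucket, entries in audit_email_matching(ALLY_USERS, IDP_USERS).items():
        print(f"{bucket}: {entries}")
```

Resolve every entry in `review_case_or_space` and `no_idp_identity` before turning on enforcement, so that nobody ends up with a second account and OKRs that need an ownership transfer.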

Managing Users with SSO

When SSO is enabled for your organization, profile updates should be done in your identity provider. They will then flow into your Ally account. 

If you disable a user in your identity provider, they will be unable to log into Ally with that account. If you need to remove them from the system completely, they need to be deleted in the Admin tools. This can be achieved by choosing Admin > Users > Actions > Delete.

Other SAML Type?

If you don't see your identity provider, you can still set up SAML single sign-on with the above steps.
