Single sign-on (SSO) allows you to use a single identity provider (IdP) to manage access to Samsara. Organizations like to use SSO because
- Users don't need to remember a separate password to manually log in to Samsara.
- IT Admins can manage sensitive login information through one IdP system, thus reducing the security risk footprint.
Customers can manage federated identity using either Google Authentication or via 3rd party SSO providers. For this tutorial, we'll show you how to set up SSO using Okta as the identity provider.
Step 1: Set Up Your SSO Provider in Samsara
First, Samsara needs to be aware of your identity provider. In this first step, we will configure settings such that Samsara is aware of what to connect to.
- From the Samsara admin dashboard, navigate to the Settings tab.
- From here, use the left side navigation to get to Single Sign-On.
- On this page, click on the blue button for New SAML Connection.
- From your IdP, add your sign-in endpoint URL and x.509 certificate. You can find this within your IdP dashboard. For Okta, this lies in the Okta Admin Dashboard.
Note: If you are setting up Samsara with Microsoft Azure - please follow this tutorial.
Once you click Save, you will land on a page to retrieve your sign-on URL.
Keep this page open, since you will need all the above values for Step 2.
Step 2: Link Your Identity Provider to Samsara
Next, we'll want to check that your identity provider is aware of Samsara.
There are four major values that you want to make sure are setup within your IdP:
- Service Provider Entity ID,
- Post-Back URL,
- SAML Attributes, and
- Sign-In URL
You can click on the "Edit Connection" button again to find these values.
What to expect after SSO is enabled
Once you have set up SSO, users can navigate to the Samsara sign-in page in order to login. At the first login for a given user, the user will be auto-provisioned a Samsara account with default Read Only (No Dash Cam Access) permissions.
Going forward, all members will sign in to Samsara with their IdP account.