This topic will walk you through how to set up a generic SSO/SAML integration. This includes how to test the connection and add new users.
Disclaimer: If you change your domain, your access to Ironclad is prohibited. Contact Support (email@example.com) for assistance before migrating a domain.
Required Ironclad Permissions: Admin
- Log in to your SSO provider as an admin.
- Navigate to an option to add a new SAML Application, and select SAML 2.0 ad the sign-in method.
- Enter the following information in the relevant fields:
- Application Name: Ironclad
- Description: Contract Management
- Category: Business Intelligence or Legal
- Download the XML file.
- In Ironclad, click on your name located in the top right corner of Ironclad. Navigate to Company Settings > Integrations > SAML Sign-On Configuration.
- Click Add SAML Configuration. Click Show Additional IdP Settings. Copy the Callback URL.
- In the IdP Configuration XML field, upload the SAML metadata file. The Entry Point and Certification fields are now populated. Click Save.
- Click Show Additional IdP Settings. A link is available for you to download the XML configuration from Ironclad.
- In your SSO provider, upload the XML file to the metadata field. The Assertion Consumer Service (ACS) and Entity ID fields are populated with the Callback URL and the Identifier.
- Continue to the next step in your SSO provider’s configuration. In the Attribute Mapping step, click Add New Step:
- Type email in the first field, then select Email in the Name or Literal field.
- Type firstName in the first field, then select First Name in the Name or Literal field.
- Type lastName in the first field, then select Last Name in the Name or Literal field.
- Click Finish. Your application is created.
- In your SSO provider, navigate to the Users tab.
- Provision a test user or colleague to access Ironclad. This user cannot be listed in the Ironclad “Everyone” group.
- Select the application you created and click Save.
- Instruct the newly provisioned user to click their invitation email to log in to Ironclad.
- If the user is able to log in and see the Ironclad Dashboard, the configuration is a success. Reach out to your LE or CSM POC or contact firstname.lastname@example.org for assistance migrating existing Ironclad users from Password Login to SSO Login.
- If the user receive an error message, follow our troubleshooting guide.
We provide a First-Time Sign-In URL that can be found in two places:
- On the SAML configuration setup page.
- Click on your name located in the top right corner of Ironclad. Navigate to Company Settings > Users.