This topic will walk you through how to troubleshoot SSO/SAML integrations.
Attributes & Claims
Make sure that you have the following fields set up for the values and names. Values vary depending on which SSO/SAML provider you use, but follow a similar naming convention. The table below is from Okta. Refer to the Help Center articles for your specific integration.
Make sure that the name follows camelCase format.
Value | Name |
---|---|
user.email | |
user.firstName | firstName |
user.lastName | lastName |
Test the SSO/SAML Integration
In order to test if your SSO/SAML configuration is successful, verify you are not an existing Ironclad user. Often times, the IT team member who sets up SSO/SAML in Ironclad has been invited to Ironclad using a username and password.
Once you set up SSO/SAML, either have a colleague test logging into Ironclad through your SSO/SAML provider, or create a test account of your own and give it permissions to the Ironclad application. After confirming that a colleague or test account can access Ironclad using the new SSO/SAML, we can transfer the original IT team member's account from username and password to SSO as well.
Setting up an SSO Redirect
Users working in Salesforce who aren’t logged into Ironclad (just had an account provisioned, or got automatically logged out) may attempt to launch workflows from the Launch Component / Button, which will send them to the standard Ironclad login page. In order to be redirected to the SSO login page, you will need to append a modifier to the end of each Launch URL.
Before setting up SSO redirect, we suggest completing all the steps mentioned in the Salesforce Setup Guide and verifying that a workflow can be successfully launched in Google Chrome by a user who is already logged in to Ironclad from a separate tab. This will make it easier to identify the source of any issues or bugs.
How to set up SSO redirect:
- Navigate in Salesforce to the Ironclad Workflow Configuration or custom button you would like to edit.
- Find your SSO identifier in Ironclad under Users & Groups > Users > SSO Sign-In Methods:
- Append "&saml={{your_SSO_identifier}}" to the end of your Launch URL used within the Ironclad Workflow Configuration object or the button URL.
Repeat this process for every workflow that is launched from Salesforce. The modifier and location will be the same for all URLs.