Secure Single Sign-OnFor Enterprise
Seamless authentication with SAML 2.0, OAuth 2.0, and Active Directory integration. One login for all your enterprise applications.
Supported Authentication Methods
Choose the authentication method that fits your infrastructure
SAML 2.0
Enterprise-grade SSO with identity providers like Okta, Azure AD, OneLogin
- Full SAML 2.0 compliance
- Automatic user provisioning
- Role mapping
- Just-in-time provisioning
Best for: Large enterprises with existing IdP
OAuth 2.0
Modern authentication with Google Workspace, Microsoft 365, GitHub
- OAuth 2.0 / OpenID Connect
- Social login support
- Token-based authentication
- Refresh token rotation
Best for: Modern cloud-based organizations
Active Directory
Direct integration with on-premise Active Directory
- LDAP integration
- AD group synchronization
- Seamless authentication
- Password sync optional
Best for: On-premise infrastructure
SSO Setup Process
Our team guides you through every step of the integration
Contact Enterprise Support
Request SSO activation for your enterprise account
Action: Email: enterprise@dailyeventinsurance.com
Choose SSO Provider
Select your identity provider (SAML, OAuth, AD)
Action: Confirm which IdP you're using (Okta, Azure AD, etc.)
Configure Identity Provider
Add Daily Event Insurance as a connected app in your IdP
Action: Use our SSO metadata provided by support team
Exchange Configuration Details
Share your IdP metadata with us, we'll configure our side
Action: Provide entity ID, SSO URL, and signing certificate
Map User Attributes
Configure how user roles and attributes are mapped
Action: Define email, name, role mappings
Test SSO Connection
Test authentication flow with test accounts
Action: Login with test user to verify configuration
Enable for Organization
Activate SSO for all users in your organization
Action: Users will use SSO on next login
SAML Configuration Details
Technical requirements for SAML 2.0 integration
Required Fields
Entity ID
Unique identifier for your organization
https://your-company.comSSO URL
Identity provider's single sign-on endpoint
https://idp.example.com/ssoX.509 Certificate
Public certificate for SAML assertion signing
PEM-encoded certificateAssertion Consumer Service URL
Where we send SAML responses
https://api.dailyeventinsurance.com/sso/acsOptional Fields
Single Logout URL
Endpoint for logout requests
https://idp.example.com/logoutName ID Format
Format for user identifiers
emailAddress (default)Attribute Mappings
Custom attribute field mappings
firstName → givenNameUser Attribute Mapping
How user data is mapped from your identity provider
| Attribute | Required | SAML Claim | Description |
|---|---|---|---|
| Required | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | User's email address (used as unique identifier) | |
| First Name | Required | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | User's first name |
| Last Name | Required | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | User's last name |
| Role | Optional | http://schemas.microsoft.com/ws/2008/06/identity/claims/role | User's role in the system (maps to our permission levels) |
| Location | Optional | custom:location | User's assigned location(s) for multi-location setups |
Security Features
Enterprise-grade security built into every SSO integration
Automatic User Provisioning
Users are created automatically on first SSO login
Role-Based Access
IdP groups automatically map to platform roles
Session Management
Centralized session control and timeout settings
Audit Logging
Complete audit trail of all authentication events
Provider Setup Guides
Step-by-step instructions for popular identity providers
Okta
- 1Admin Console → Applications → Create App Integration
- 2Choose SAML 2.0
- 3Enter SSO URL: https://api.dailyeventinsurance.com/sso/acs
- 4Enter Audience URI: https://dailyeventinsurance.com
- 5Attribute Statements: email, firstName, lastName
- 6Assign users or groups to the application
- 7Download metadata and share with our support team
Azure AD (Microsoft Entra ID)
- 1Azure Portal → Enterprise Applications → New Application
- 2Create your own application → Integrate any app (non-gallery)
- 3Set up single sign-on → SAML
- 4Basic SAML Config → Identifier: https://dailyeventinsurance.com
- 5Reply URL: https://api.dailyeventinsurance.com/sso/acs
- 6User Attributes: emailaddress, givenname, surname
- 7Assign users or groups
- 8Download Federation Metadata XML
Google Workspace
- 1Admin Console → Apps → Web and mobile apps
- 2Add custom SAML app
- 3Name: Daily Event Insurance
- 4Download Google IdP metadata
- 5ACS URL: https://api.dailyeventinsurance.com/sso/acs
- 6Entity ID: https://dailyeventinsurance.com
- 7Start URL: https://dashboard.dailyeventinsurance.com
- 8Attribute mapping: Primary email → email
- 9Assign to organizational units
Frequently Asked Questions
What SSO providers do you support?
We support any SAML 2.0 compliant identity provider (Okta, Azure AD, OneLogin, Google Workspace, Ping Identity, etc.) and OAuth 2.0 providers. We also support direct Active Directory integration via LDAP.
Can users still use password login with SSO enabled?
By default, SSO becomes the only authentication method when enabled. However, you can configure fallback password authentication for specific admin accounts or allow both methods.
How long does SSO setup take?
Initial configuration takes 1-2 business days once we receive your IdP metadata. Testing and refinement typically adds another 1-2 days. Total time: 2-4 business days.
What happens if our IdP goes down?
You can configure emergency admin accounts that bypass SSO for critical access. Additionally, we can enable temporary password authentication if your IdP has extended downtime.
Can we use different SSO providers for different locations?
Yes. Enterprise accounts can configure location-specific SSO providers. For example, corporate uses Azure AD while franchisees use Google Workspace.
Is there an additional cost for SSO?
SSO is included with Enterprise accounts at no additional cost. Implementation and ongoing support are also included.