About SAML

Learn about how Envoy uses SAML.

Updated over a week ago

Envoy helps you collect sensitive visitor information, and using SAML can be an additional layer to keep that data secure. When you use SAML to connect Envoy with your identity provider (IdP), it’s easy to provide your admins and employees with single sign-on access to Envoy. Plus, you’ll increase security by reducing the risk of password theft.

How SAML works with Envoy

Anyone with an employee record, whether they’re an employee or an Envoy administrator, can access their personal dashboard. By default, everyone can log in with an email address and password.

If your identity provider (IdP) supports SAML 2.0 you can enable single sign-on (SSO). Once you’ve determined you’d like to enable single sign-on, you have the option to allow single sign-on or require single sign-on.

Benefits of using SAML

  • Single sign-on means employees and administrators do not need to remember passwords.

  • Making sign-in easier encourages more use of the Envoy dashboard.

  • Requiring single sign-on means increased security for your sensitive visitor information.

SAML enabled (but not required)

  • Allows you to provision users for Envoy.

  • Users can access Envoy from your IdP (IdP initiated). If users visit the Envoy login screen, they’ll be prompted for their password.

  • Users can still manually reset their passwords via the forgot password link

SAML required

  • Allows you to provision users for Envoy.

  • Users can access Envoy either from the Envoy login screen (SP initiated) or from your IdP (IdP initiated).

  • Users can only authenticate to Envoy via your IdP. They will never be prompted to enter a password and will not be allowed to manually reset their password.

  • Global Admins can authenticate from the Envoy login screen using their password.

Did this answer your question?