Enable Entrust Identity single sign-on integration (SSO)
Everhour provide an easy-to-use integration with Entrust Identity to support SSO for you or everyone in your team.
- SSO using Entrust Identity is available on our Team Plan
- Team owner or admin will need to first enable SSO
- An Entrust Identity Admin account
Go to Resources > Applications > Applications List and click (+) button to create a new application.
Fill the Application name field, i.e `Everhour` and click on Next.
Configure settings as follows:
- Assertion Consumer Service URL: Copy and paste Consumer URL (`consumerUrl`) from Everhour, i.e: `https://api.everhour.com/saml/consume`
- Service Provider Entity ID (Issuer): Copy and paste Metadata URL (`metadataUrl`) from Everhour, i.e: `https://api.everhour.com/saml/metadata`
- Single Logout Service URL: leave empty
- SAML NameID Attribute: `Email`
- SAML NameID Encoding Format: `EMAIL`
- SAML Signing Certificate: `Default SAML Certificate` or you may specify another one
- SAML Signature Algorithm: `SHA1`
- Sign Complete SAML Response: must be checked
- Encrypt SAML Assertion: leave unchecked
- SAML Domain(s): add `app.everhour.com` and `everhour.com`
Click Add Resource Rule.
Set the name for the rule and click Next.
Configure Authentication Conditions and click Submit.
Click Signing Certificates button.
Here you must copy the certificate that was specified when creating an application. Default SAML Certificate in our case.
Copy the Certificate and paste the X.509 Certificate into its corresponding field on Everhour (`x509Certificate`).