All Categories ​ > ​ ​Admin ​ > ​ ​Company administration ​ > ​     Authenticate on Amalia

Authenticate on Amalia

Updated by CSM Team

Introduction to Single Sign-On (SSO)

For security purpose, all Amalia users log in using SSO methods. This way, Amalia never handle user's private information (GDPR compliance) or passwords (security compliance).

Amalia uses two mainstream SSO providers to authenticate users:

  • Google for companies on Google Workspace
  • Azure AD for companies on Microsoft 365

Your company members can log in to Amalia by clicking on the button corresponding to your company's software provider.

SSO Providers

Connect With Google

Users should be able to click on the "Log in with Google" button and authenticate directly. The first user of your Google Workspace will be asked to authorize Amalia to connect if he has admin level permissions on the tenant.

Depending on your security configuration, administrator of your authentication tenant may have to whitelist Amalia for your users to be able to connect. If that's the case, you'll have an error message saying "Your tenant should authorize this app" during the authentication workflow.

Connect With Microsoft Azure

Users should be able to click on the "Log in with Azure" button and authenticate directly. The first user of your Azure AD will be asked to authorize Amalia to connect if he has admin level permissions on the tenant.

We're using the Microsoft Identity Platform (v2) Identity API, on the OpenID Connect Protocol, and we'll ask for Basic Profile information.

Depending on your security configuration, administrator of your authentication tenant may have to whitelist Amalia for your users to be able to connect. If that's the case, you'll have an error message saying "Your tenant should authorize this app" during the authentication workflow.
Please read carefully the Microsoft official documentation if your users have trouble authenticating. Amalia's client id is c3267721-9df2-49e7-9987-5379a325a63d. Your consent URL should look like this: https://login.microsoftonline.com/{organization}/adminconsent?client_id=c3267721-9df2-49e7-9987-5379a325a63d

SSO Alternatives to Google and Azure

We support alternative SSO solutions such as Okta or Keycloak if the SSO provider uses SAML or OAuth2.

OAuth2 based SSO solutions

To setup your OAuth2 SSO solution with Amalia, please provide your CSM with the following information.

  • Client ID
  • Client Secret
  • Authorization Endpoint URL
  • Token Endpoint URL
  • User Info URL

Note that for OAuth2 based SSO solutions Amalia needs your permission to access the following scopes: openid, email and profile.

Once your SSO solution is properly set up on Amalia, you can enter your email in the field then click on "Login."

SAML based SSO solutions
Please consult your CSM before going for SAML, this could increase your license price due to increased cost on our side.

To setup your SAML SSO solution with Amalia, please provide your CSM with the following information.

  • Sign in URL
  • X.509 Signing Certificate
  • User ID Attribute

Once your SSO solution is properly set up on Amalia, you can enter your email in the field then click on "Login."

How did we do?

Powered by HelpDocs (opens in a new tab)

Powered by HelpDocs (opens in a new tab)