Security

SAML Authentication

Teams on an enterprise plan can configure SAML Authentication for their team.

By default, users who sign in through your organization's SAML Connection are granted Read-Only membership of your Team. To elevate their permissions, a Team Admin must adjust their role via the Team Settings page in the Evervault Dashboard.

Configuring SAML for your Team

Prerequisites

The user configuring SAML from the Evervault Dashboard must be a Team Admin. You will also need admin access to your IdP to complete the setup on the provider side.

By default, the email domain of the admin configuring SAML is whitelisted as a discovery realm.

To add further domains, please contact Evervault support.

Steps

  1. Navigate to Team Settings -> Security in the Evervault Dashboard.
  2. Press the "Configure" button next to "Single sign-on (SAML)" to begin configuring your SAML connection.
  3. Enter your SAML sign-in URL and upload your IdP's X.509 certificate in .PEM or .CER format. Optionally, you can enable sign-out and provide a sign-out URL.
  4. Press the "Create SAML Connection" button. Once the Connection has been created successfully, you will see a "Configured" badge next to SAML settings.
  5. Press the "Settings" button to view your Connection's metadata.
  6. Evervault only requires a single SAML attribute mapping: email. To configure this, set the mapping of "Primary email" to the app attribute email. Below is an example of what this looks like when using Google as an IdP.

Google SAML Attribute Mapping
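
One way to confirm the mapping from step 6 before rolling SSO out to the team, as an added example (not Evervault's code): it inspects a decoded SAML assertion, such as one copied from a browser SAML tracer, for an attribute named `email`. The sample assertion, the helper name `check_email_mapping` and the comparison against your discovery-realm domains are assumptions made for illustration, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_email_mapping(assertion_xml, realm_domains):
    """Return (ok, detail) for the `email` attribute of a decoded assertion.
    Hypothetical helper: a configuration check only, it does NOT verify
    the XML signature and must not be used to authenticate anyone.
    """
    # A SAML assertion never needs a DTD; refuse one rather than parse it.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return False, "unexpected DTD or entity declaration"
    root = ET.fromstring(assertion_xml)
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    values = [
        (value.text or "").strip()
        for attr in attrs
        if attr.get("Name") == "email"
        for value in attr.findall("saml:AttributeValue", NS)
    ]
    if not values:
        sent = sorted(a.get("Name", "") for a in attrs)
        return False, f"no 'email' attribute; IdP sent {sent}"
    if len(values) > 1:
        return False, f"expected one email value, got {len(values)}"
    local, at, domain = values[0].rpartition("@")
    if not (local and at and domain):
        return False, f"value is not an email address: {values[0]!r}"
    # Assumption: compare against the domains enabled as discovery realms.
    if domain.lower() not in {d.lower() for d in realm_domains}:
        return False, f"domain {domain!r} is not an enabled realm domain"
    return True, values[0]


if __name__ == "__main__":
    print(check_email_mapping(SAMPLE_ASSERTION, {"example.com"}))
```

When the IdP sends the address under a different attribute name, the returned detail lists the names it did send, which points directly at the mapping to correct.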