If you use Microsoft's Active Directory Federated Service (ADFS), the steps below will explain the necessary steps to set up SSO for your Echo AI organization.
Echo AI Relying Party Service URL and Trust Identifier:
Relying Party Service URL:
https://app.echoai.com/authentication/saml2/[YOUR_ORG]/acs/
Relying Party Trust Identifier:
https://app.echoai.com/authentication/saml2/[YOUR_ORG]/metadata/
ADFS Side Configuration
Add Echo AI to your ADFS instance
Open ADFS Instance:
In the Actions column, click Add Relying Party Trust…. This will open a wizard to guide you through the process.
Start Setup Process:
On the Welcome screen, click Start to begin the setup process. Use the default Claims aware trust type since we will be setting up a claims-aware application.
Select Data Source:
Select Enter data about the relying party manually and click Next.
Add Display Name:
Add a display name, such as Echo AI, and click Next.
Configure Certificate:
Click Next to proceed with the default certificate settings.
Configure URL:
Select Enable support for the SAML 2.0 WebSSO protocol.
Paste the provided Echo AI relying party service URL:
https://app.echoai.com/authentication/saml2/[YOUR_ORG]/acs/
Click Next to proceed.
Configure Identifiers:
Paste the provided Echo AI relying party trust identifier:
https://app.echoai.com/authentication/saml2/[YOUR_ORG]/metadata/
Click Next to proceed.
Choose Access Control Policy:
Choose an access control policy to determine who can authenticate their Echo AI account via SSO.
Click Next to proceed.
Complete the Process:
On the Ready to Add Trust step, click Next to complete the process.
Click Close to finish the wizard.
Add Attributes to ADFS
Add a Rule to ADFS:
On the Edit Claim Issuance Policy page, click the Add rule button.
Send LDAP Attributes as Claims:
Under Claim rule template, select Send LDAP Attributes as Claims. Click Next to proceed.
Configure Claim Rule:
Enter a Claim rule name.
For Attribute store, select Active Directory.
In the LDAP Attribute column, select E-Mail Address.
In the Outgoing Claim Type column, select E-Mail Address.
Click Finish to complete the process.
Transform Incoming Claim:
Click Apply to apply the rule and return to the Issue Transform rules page.
Click Add Rule to add a second Transform rule.
Under Claim rule template, select Transform an Incoming Claim. Click Next to proceed.
Configure Claim Rule:
For Claim rule name, enter Transform email address as NameID.
In the Incoming claim type, select E-Mail Address.
In the Outgoing claim type column, select NameID.
In the Outgoing name ID format column, select Email.
Toggle Pass through all claim values.
Click Finish to complete the process.
Apply the Rules:
Click Apply to apply the rules to your instance.
Echo AI Configuration
Now that you have everything set up in ADFS, you will need to send your ADFS details to Echo AI.
Share Federation XML Metadata URL:
Find your federation XML metadata URL and share it with the Echo AI team at support@echoai.com. The URL should be in the format:
https://[YOUR_ADFS_DOMAIN]/federationmetadata/2007-06/federationmetadata.xml
By following these steps, you can successfully set up ADFS SSO for Echo AI, ensuring secure and efficient authentication for your organization.
Disclaimer: This information is based on current ADFS and Echo AI documentation and may change over time. Always refer to the latest official documentation for the most accurate and up-to-date instructions.