Prerequisite:
If you haven't done so already, please create an SSO Reset Frequency Rule.
Retrieve the URLs and public certificate from Evo
- Login to your Evo Environment.
- From the left nav menu, select My Company. Alternatively, select Customers and and choose a customer from the list.
- Select Applications from the left nav menu.
- Click the Liongard card.
- Keep this page open, you'll need information from here to paste into Liongard.
- Click Download public certificate.
How to configure SAML SSO in Liongard
To complete these steps, you must be a global administrator of your Liongard portal.
Ensure your users are provisioned in Evo, with exact the same email address as their Liongard account.
RECOMMENDATION: Before you start. Log into your Liongard account twice - once in a regular browser and once in an incognito/private window. This is to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in to two separate browsers.
- From your favorite browser, open a new tab to the Liongard admin portal, and login.
- Navigate to Username > Company Settings > Security > SSO Setup.
- Click SSO -> Liongard.
- Select IDP Data as the button option.
- For the Entity ID, paste the Sign In URL from the Evo Liongard page.
- For the Single Sign On URL, paste the Sign in URL from the Evo Liongard page.
- For the Single Log Out URL, paste the Sign out URL from the Evo Liongard page.
- With your favorite text editor, open the previously Downloaded Certificate from the Evo Liongard page. You'll now see a bunch of text, beginning with "-----BEGIN CERTIFICATE-----"
- Copy the entire text block (including the ---begin certificate--- and ---end certificate--- sections) into the X509 Public Certificate block.
- (Optional) Toggle Enforce all users to log in via SSO only if you want all users to SSO.
- Click into the Excluded Users input field and select/type the name of the User account(s) you wish to exclude from the SSO requirement.
- Liongard recommends adding at least one Global Administrator in the Exclude Users list during the setup and testing of SSO.
Your configuration will auto-update and a confirmation message will appear after each change.
Congratulations! Liongard is now configured for SSO with Evo Secure Login.
Reference material > https://docs.liongard.com/docs/set-up-sso