Single Sign-On Setup
In addition to logging into Iteratively with a username and password, users can also log in with their corporate credentials. Iteratively supports Single Sign-On (SSO) federation with:
- Google Apps
- OpenID Connect
- SAML
To configure Single Sign-On (SSO) for your Iteratively account, please reach out to us at support@iterative.ly.
Google Apps
No additional configuration is needed to enable Single Sign-On with Google. Simply click the "Log in with Google" button on the Login page, or the "Join with Google" button when accepting a colleague's invitation to join your Iteratively account.
OpenID Connect
To enable Single Sign-On with an OpenID Connect (OIDC) IdP, the Iteratively support team will require a few pieces of information from your IT team:
- Client ID
- Client Secret
- Issuer URL
For example, if your organization relies on Okta for single sign-on, the following are typical steps needed to establish a trust relationship with Iteratively.
- Create a new application in Okta for Iteratively. In the Create a New Application Integration dialog, set Platform to Web and Sign on method to OpenID Connect.
- On the Create OpenID Connect Integration page, under General Settings, name your application. Then, under Configure OpenID Connect, set Login redirect URIs to https://id.iterative.ly/oauth2/idpresponse.
- On the OpenID Connect Client page, under General Settings, confirm that Authorization Code is checked.
- On the same page, under Client Credentials, copy the Client ID and Client secret values. These are the values you'll share with the Iteratively support team.
- On the same page, on the Sign On tab and in the OpenID Connect ID Token section, copy the Issuer URL. This is the last piece of information you'll need.
Note: users must be assigned to your newly created Okta application before they can authenticate to Iteratively. Make sure all users who require access to Iteratively have been assigned.
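A pre-flight check for the Issuer URL copied in the last step, as an added example (not Iteratively's or Okta's code): it compares the URL with the IdP's OpenID Connect discovery document and confirms the Authorization Code flow is advertised. The discovery document and the `example.okta.com` tenant are constructed samples, and `check_issuer` is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OpenID Provider discovery document
# (/.well-known/openid-configuration); "example.okta.com" is a placeholder tenant.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["authorization_code", "implicit"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

def check_issuer(issuer_url, discovery_json):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    doc = json.loads(discovery_json)
    # OIDC Discovery requires the advertised issuer to match the configured one exactly.
    if doc.get("issuer") != issuer_url:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer_url!r}")
    parts = urlsplit(issuer_url)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key, "")
        if urlsplit(value).scheme != "https":
            problems.append(f"{key} missing or not https: {value!r}")
    # The setup steps above rely on the Authorization Code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    # grant_types_supported is optional; the spec default includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not supported")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 ID token signing not advertised")
    return problems

if __name__ == "__main__":
    # A trailing slash is enough to break the exact-match rule.
    for issuer in ("https://example.okta.com", "https://example.okta.com/"):
        print(issuer, "->", check_issuer(issuer, SAMPLE_DISCOVERY) or "OK")
```

To run it against a real tenant, fetch the document from the issuer's `/.well-known/openid-configuration` path and pass the response body as `discovery_json`.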
SAML
To enable Single Sign-On with a SAML IdP, the Iteratively support team will require a SAML metadata document (or the document's endpoint URL) from your IT team.
For example, if your organization relies on Cloud Identity (G Suite) for single sign-on, the following are typical steps needed to establish a trust relationship with Iteratively.
- Create a new SAML app for Iteratively. In the Google Admin console, click on Apps, then SAML apps, and set up your own custom app.
- When prompted, choose Option 2, download the IdP metadata, and share it with the Iteratively support team.
- Set Application Name to Iteratively and use this image as the application's logo if desired.
- Set ACS URL to https://id.iterative.ly/saml2/idpresponse and Entity ID to urn:amazon:cognito:sp:us-west-2_lmksjBDoJ.
- Create the following SAML attribute mappings:
  - Primary email → email
  - Last name → family_name
  - First name → given_name