English

Yoffix offers multiple SSO options:

  • Microsoft AD SSO

  • Google

  • Okta

  • OneLogin

  • OpenID/SAML.

You can find all instructions for SSO enabling in Yoffix APP (Settings -> SSO).

Yoffix SAML SSO tutorial for Microsoft AD

  1. Login in to your Azure portal

    Open https://portal.azure.com and go to Enterprise applications.

  2. Create SAML 2.0 application

    Click New application. Click Create your own application.

    On the opened page enter Yoffix as a name and select Integrate any other application you don't find in the gallery (Non-gallery). Press Create.

  3. Setup Single sign-on

    Go to the Single sign-on section and select SAML. On the Single sign-on page click Edit button at the top right of the Basic SAML Configuration section

    • For the Identifier (Entity ID) enter https://api.app.yoffix.com/sso/saml/metadata

    • For the Reply URL (Assertion Consumer Service URL) enter https://api.app.yoffix.com/sso/saml/assert

    • Leave all the rest fields blank

    • Press Save

    Click Edit Attributes & Claims

    Click on the Unique User Identifier (Name ID) under Required claim and change Source attribute to user.mail

    Press Save

    Under Additional claims

    • Add email claim

    • Add first_name

    • Add last_name

    • You may remove other claims if you want

    Note that Namespace should be empty for added claims!

    You should end up with the following attributes setup

  4. Assigning users

    Go to the Users and groups tab and press Add user/group button to add users or groups, which will use Azure SSO to sign in into Yoffix.

  5. Getting metadata

    Go back to Single sign-on tab and press Download Federation Metadata XML

Yoffix setup

  • Go to Settings → Integrations and click on the Microsoft AD under SSO section

  • In the dropdown select SAML

  • Add SSO Url and Certificate from the IdP.

  • SSO Url is Login URL from the step 4

  • Certificate is X509Certificate

  • Add up to 10 Email domains. Example: if your company emails(used from Single sign on) have format name@yourorgdomain.com then you should add yourorgdomain.com