Ally offers a variety of different login methods to meet your security needs. Currently we support Google, ADFS, OKTA, and OneLogin methods and are actively adding more. This process is simple and setup can be completed in a few short steps.
Steps to setup SSO
- Reach out to firstname.lastname@example.org to request a setup questionnaire and let us know what method you use.
- Return the completed questionnaire, Ally will then configure your setup.
- Test the new login setup
- Choose to enforce "SAML Only" logins or allow additional methods (email).
If enforcement is enabled, all users including existing, have to login via SAML. If any of the existing users do not have an account in their ADFS, they will not be able to access their existing Ally account and a new account would be created when they login via SAML.
How SAML SSO connects to existing users
When the connection is configured, the SAML responses sent from your server will have the email address of the user logging in. If it matches an existing users in your organization, they will be automatically logged into their existing accounts with their existing OKRs.
Should an Ally user not have an account in your identity provider, the existing Ally user & OKRs will still be in the system.
When the email returned in the response does not match any existing users in Ally, we will provision new user accounts in your Ally Organization. You would then transfer ownership of their OKRs from the old non-SAML SSO user to the new SAML SSO provisioned user.
Managing Users with SSO
When SSO is enabled for your organization, profile update should be done in your identity provider. They will then flow into your Ally account.
If you disable a user in your identity provider they will be unable to log into Ally with that account. If you need to remove them from the system completely, they need to be deleted in the Admin tools. That can be achieve by choosing Admin->Users->Actions->Delete.
Other SAML Type?
If you use a method not mentioned above, please let us know and we can explore adding that for your organization.