Search the user guide

Configuring Single Sign-on

By default, Channelyze lets users authenticate with their email address and a password. This is referred to as “Channelyze Password” authentication. Users choose their password when they click the link in the invitation email, which they receive when their account is created.

Channelyze also supports user authentication via SAML single-sign on (SSO) through various identity providers. If your identity provider supports it, this can provide you with many additional security enhancements for authentication, including support for multi factor authentication (MFA).

To configure single sign on, go to Settings and in the Authentication & Provisioning section, you will see the Channelyze Authentication option enabled (highlighted blue) and the SAML option turned off (highlighted white). To turn on SAML authentication, click adjacent Manage Button and click the Enabled button. Channelyze will show a screen prompting you to enter SAML configuration information. For information specific to your identity provider see one of the following:

Configuring Channelyze with Okta

Configuring Channelyze with Auth0

Configuring Channelyze with IBM Identity Connect

Configuring Channelyze with Microsoft Azure Active Directory

Configuring Channelyze with Google GSuite

Then, press the back arrow to save the settings. This will turn SAML authentication on and the Channelyze password authentication off.

The Channelyze administrator that created the Channelyze account will always be able to log into Channelyze using Channelyze password authentication. This is useful, particularly if a SAML configuration error is made in Channelyze, which would otherwise prevent anyone from logging in to Channelyze.

Configuring Channelyze in Okta

When configuring Okta SAML authentication in Channelyze, choose “Okta” from the SAML IdP dropdown. You will be prompted to enter three fields:

  1. The Single Sign On URL

  2. The Issuer

  3. The Certificate

To find the values for each of these fields, log into Okta as an administrator and go to the organization area. Click on Applications in the top menu. Then click on Add Application. In the Search for an application field, enter ‘‘Channelyze’. You will see Channelyze appear in the right hand list. Press the Add button next to the Channelyze entry.

In the General Settings page, press Next. In the Sign-On Options page, click on View Setup Instructions. A new page will be shown, containing the values of the single sign-on, issuer and certificate that are needed within Channelyze. Copy and paste each of these fields into the relevant fields in the Channelyze SAML Settings dialog. Press OK on the dialog. Then press Done in the Sign-On Options page in Okta.

Once you have created appropriate user accounts in Okta, ensure that you assign the Channelyze app to each user. You will be prompted to enter a user name for each user. By default, this will be the user’s email address. You should ensure that this email address matches the address defined for the user in Channelyze.

After having assigned the Channelyze application in Okta and after having configured Channelyze to authenticate with SAML rather than Channelyze password authentication, you are ready to create each user in Channelyze. Doing so will send a Channelyze invitation to the user. If you have already added users in bulk in Channelyze then you can simply send the invitation. Do this from the Users tab of the Organisation Settings, select the check box next to each user that you wish to invite and choose the Actions menu at the top of the page and choose “Send Channelyze Invitation”. When the user clicks on the link in the email invitation, they will be directed to Okta to authenticate with their Okta credentials. Once they have successfully authenticated, they will be directed back into Channelyze.

Configuring Channelyze in Auth0

When configuring Auth0 SAML authentication in Channelyze, choose “Auth0” from the SAML IdP dropdown. You will be prompted to enter three fields:

  1. The Single Sign On URL

  2. The Issuer

  3. The Certificate

To find the values for each of these fields, log into Auth0 as an administrator and go to the Applications area, by clicking on Applications in the menu area. Press the CREATE APPLICATION button and choose “Regular Web Applications” and press the CREATE button. Select the AddOns tab and click on SAML2 Web App.

In the Application Callback URL field, enter https://app.workte.am/_saml/validate/auth0 and press the SAVE button at the bottom of the screen. Then at the top of the same screen, select the Usage tab. Copy the value of the Identity Provider Login URL and paste it into the Single Sign On URL in the SAML settings in Channelyze.

Copy the value of the Issuer field and paste it into the Issuer field in the SAML settings in Channelyze.

Click on download Auth0 certificate and open it into a text editor and copy the content between —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– and paste it into the Certificate field in the SAML settings in Channelyze. You can include the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines, but they will be removed when you save the settings.

Once you have created appropriate user accounts in Auth0, ensure that you authorize the Channelyze app to each user.

After having assigned the Channelyze application in Auth0 and after having configured Channelyze to authenticate with SAML rather than Channelyze password authentication, you are ready to create each user in Channelyze. Doing so will send a Channelyze invitation to the user. If you have already added users in bulk in Channelyze then you can simply send the invitations. Do this from the Users tab of the Organisation Settings, select the check box next to each user that you wish to invite and choose the Actions menu at the top of the page and choose “Send Channelyze Invitation”. When the user clicks on the link in the email invitation, they will be directed to Auth0 to authenticate with their Auth0 credentials. Once they have successfully authenticated, they will be directed back into Channelyze.

Configuring Channelyze in IBM Identity Connect

When configuring IBM Identity Connect SAML authentication in Channelyze, choose “IBM Cloud Connect” from the SAML IdP dropdown. You will be prompted to enter three fields:

  1. The Single Sign On URL

  2. The Issuer

  3. The Certificate

To find the values for each of these fields, log into IBM Cloud Identity as an administrator and go to the Applications area, by clicking on Applications in the menu area. Press the Add button and choose “Custom Application” and press the OK button. Enter a name for the application, e.g. ‘Channelyze’.

Click the Sign-on tab and ensure SAML 2.0 is selected in the Sign-on method dropdown. Leave the ‘Use Unique ID’ un-checked and enter https://workte.am/saml/sp into the Provider ID field. Then, enter https://app.workte.am/_saml/validate/ibm into the Assertion Consumer Service URL.

Check the Use identity provider initiated single sign-on check box and enter https://app.workte.am/_saml/validate/ibm into the Target URL field.

Enter https://app.workte.am/_saml/authorize into the Service Provider SSO field.

Ensure that the Sign authentication response check box is ticked and that the Validate SAML request signature is un-checked.

Press the SAVE button. Then from the right-hand pane, locate the value in the Provider ID field and paste it into the Issuer field in the SAML settings in the SAML settings in Channelyze.

Then, in the right hand pane, locate the Login URL and copy the value and paste it into the Single Sign On URL field in the SAML settings in Channelyze.

Then, locate the Signing certificate in the right hand pane and copy the content between —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– and paste it into the Certificate field in the SAML settings in Channelyze. You can include the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines, but they will be removed when you save the settings.

Once you have created appropriate user accounts in IBM Cloud Identity, ensure that you authorize the Channelyze app to each user.

After having assigned the Channelyze application to each relevant user in IBM Cloud Identity and after having configured Channelyze to authenticate with SAML rather than Channelyze password authentication, you are ready to create each user in Channelyze. Doing so will send a Channelyze invitation to the user. If you have already added users in bulk in Channelyze then you can simply send the invitations. Do this from the Users tab of the Organisation Settings, select the check box next to each user that you wish to invite and choose the Actions menu at the top of the page and choose “Send Channelyze Invitation”. When the user clicks on the link in the email invitation, they will be directed to IBM Cloud Identity to authenticate with their IBM Cloud Identity credentials. Once they have successfully authenticated, they will be directed back into Channelyze.

Configuring Channelyze in Microsoft Azure Active Directory

When configuring Microsoft Azure Active Directory SAML authentication in Channelyze, choose “AD Azure” from the SAML IdP dropdown. You will then be prompted to enter three fields:

  1. The Single Sign On URL

  2. The Issuer

  3. The Certificate

To find the values for each of these fields, log into the Microsoft Azure portal and select Azure Active Directory in the left-hand list. In the Overview pane, select Enterprise applications Press the New application button in the pane that appears and choose “Non-gallery Application”. Enter a name for the application, e.g. ‘Channelyze’ and press the Add button.

Click the Single sign-on entry in the left-hand menu and then from the Single sign-on mode drop down, choose SAML based-sign on.

Set the Identity (Entity ID) field to https://workte.am/saml/sp, enter https://app.workte.am/_saml/validate/azure into the Reply URL field.

Then, at the bottom of the pane, click on Configure Channelyze. A new pane will appear to the right of the current pane.

Copy the SAML Entity ID value and paste it into the SAML Entity ID field in the SAML settings in Channelyze.

Next, from the new pane, copy the value of the SAML Single Sign-On Service URL field and paste it into the “SAML Single Sign On URL” field in the SAML settings in Channelyze.

Then in the new pane, click on the link “SAML Signing Certificate - Base64 encoded”. The certificate file will be downloaded to the Downloads folder. Open the file into a text editor and copy the content between —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– and paste it into the SAML Signing Certificate field in the SAML settings in Channelyze. You can include the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines, but they will be removed when you save the settings.

Once you have created appropriate user accounts in Microsoft Azure Active Directory and assigned the Channelyze application to each user relevant user.

After having assigned the Channelyze application to each relevant user in Microsoft Azure Active Directory and after having configured Channelyze to authenticate with SAML rather than Channelyze password authentication, you are ready to create each user in Channelyze. Doing so will send a Channelyze invitation to the user. If you have already added users in bulk in Channelyze then you can simply send the invitations. Do this from the Users tab of the Organisation Settings, select the check box next to each user that you wish to invite and choose the Actions menu at the top of the page and choose “Send Channelyze Invitation”. When the user clicks on the link in the email invitation, they will be directed to Microsoft Azure Active Directory to authenticate with their Microsoft credentials. Once they have successfully authenticated, they will be directed back into Channelyze.

Configuring Channelyze in GSuite

When configuring Google GSuite SAML authentication in Channelyze, choose “Generic SAML” from the SAML IdP dropdown. You will be prompted to enter three fields:

  1. The Single Sign On URL

  2. The Issuer

  3. The Certificate

To find the values for each of these fields, log into the GSuite admin console and choose SAML apps from the Apps menu. Press the Add button (bottom right hand corner) and choose “Setup My Own Custom App”. From the page shown, make a note of the value of the SSO URL and the Entity ID. Also download the certificate and open it into a text editor, ready to copy later.

Press Next and enter a name for the application, e.g. ‘Channelyze’, into the Application Name field. Press Next.

Enter https://app.workte.am/_saml/validate/saml into the ACS URL field and enter https://workte.am/saml/sp into the Entity ID field. Leave the Start URL blank and everything else in the page unchanged at the default settings.

Press the SAVE button. Then from the right-hand pane, locate the value in the Provider ID field and paste it into the Issuer field in the SAML settings in the SAML settings in Channelyze. In the final page press the Finish button.

Now open the SAML settings in Channelyze, by clicking on the settings button in the Single Sign On box in the Single Sign On and User Provisioning panel.

Choose Generic SAML from teh SAML IdP dropdown. Now paste the value of the SSO URL (that you noted earlier) into the the Single Sign-on URL field. Next, paste the value of the Entity ID (that you noted earlier) into the Issuer field.

Then, locate the Signing certificate text from the text editor (that you noted earlier) and copy the content between —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– and paste it into the Certificate field in the SAML settings in Channelyze. You can include the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines, but they will be removed when you save the settings.

Once you have created appropriate user accounts in GSuite, ensure that you authorize the Channelyze app to each user.

After having assigned the Channelyze application to each relevant user in GSuite and after having configured Channelyze to authenticate with SAML rather than Channelyze password authentication, you are ready to create each user in Channelyze. Doing so will send a Channelyze invitation to the user. If you have already added users in bulk in Channelyze then you can simply send the invitations. Do this from the Users tab of the Organisation Settings, select the check box next to each user that you wish to invite and choose the Actions menu at the top of the page and choose “Send Channelyze Invitation”. When the user clicks on the link in the email invitation, they will be directed to GSuite to authenticate with their GSuite credentials. Once they have successfully authenticated, they will be directed back into Channelyze.