Note
If you would like to use SSO, please contact Support to enable the feature.
Single sign-on (SSO) enables you to use a single identity provider (IdP) to manage access to Samsara. Unlike standard authentication, users don't need to remember a separate password to manually log in to Samsara and can use their corporate login.
Because IT Admins manage sensitive login information through one IdP system, using SSO reduces the security risk footprint. You can manage federated identity using either Google Authentication or a third-party SSO provider (for example, Okta or Azure).
To set up SSO, you generate and download a SAML (Security Assertion Markup Language) certificate from your IdP. The certificate is an X.509 signing certificate used to encrypt and digitally sign the SAML assertions used in the SSO process. You then upload the certificate to the SSO configuration in the Samsara dashboard.
Note
Periodically, you will need to renew the X.509 certificate. To prevent access disruption due to an expired certificate, it is recommended to generate and replace the certificate before it expires. For more information, see Renew an x.509 Certificate.
Samsara supports integration with Microsoft Entra (formerly known as Azure). For instructions on integrating Azure as your IdP, see Tutorial: Microsoft Entra single sign-on (SSO) integration with Samsara.
If you use Okta as your IdP, you can configure authentication in Samsara to use your Okta user accounts. To complete the setup, you will need access to both the Samsara dashboard and your Okta Admin Console.
- In your Okta Admin Console, begin to set up an internal app integration that uses SAML 2.0 as the sign-on method.
  For full instructions, see the Okta documentation.
  During configuration, you will need to:
  - Supply a Single sign-on URL. Since you won't have your single sign-on URL until you complete the Samsara-side configuration, use a placeholder and later return to the configuration.
  - Configure SAML attributes.

    | Name | Value |
    | --- | --- |
    | https://cloud.samsara.com/saml/attributes/email | user.email |
    | https://cloud.samsara.com/saml/attributes/name | user.firstName+" "+user.lastName |

    Note
    When using name as an attribute, the dropdown doesn’t provide the option to specify full name as the value. In this case, use regex to present first name space last name.
    If needed, you can also use other SAML attributes.
  - Create and download the certificate used for authentication.
  - Set up users and groups that can use the Okta SAML configuration.
- In the Samsara dashboard, create a SAML connection:
  - Select the Settings icon at the bottom of your Fleet menu to view dashboard settings.
  - Select Single Sign-On.
  - Select New SAML Connection.
  - Synchronize your SAML configuration details in Okta.
    In the SAML app configuration in Okta, configure the following information:
    - Sign In Endpoint URL: Copy the Post-back URL (Assertion Consumer Service (ACS) URL) from the SAML configuration in the Samsara dashboard.
    - Audience URI: Copy the Service Provider Entity ID from the SAML configuration in the Samsara dashboard.
    - SAML Attributes: In Okta, specify attributes for the user's name and email.
  - Synchronize your SAML configuration details in Samsara.
    After you create the app in Okta, find the details on the Sign On tab under View SAML set up instructions. Then, in the SAML configuration in the Samsara dashboard, configure the following information:
    - Sign In Endpoint URL: Copy the Identity Provider Single Sign-on URL from Okta.
    - X.509 Certificate: Download this certificate from Okta.
    Then Save your settings.
- In Okta, assign users to the app. You can add users individually or use Groups to manage access.
  Manually added users will receive an activation email from Okta to activate the account. After the user logs in to Okta, the new SSO tile is visible.
- Test to ensure that the users to whom you assigned access can access the Samsara dashboard using their Okta credentials.
On login, any users that don't already have accounts in the Samsara dashboard will be automatically created with Read-only Admin (No Dash Cam Access) for Entire Organization. Adjust the user permissions, as needed.
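A configuration check for the Okta settings above, as an added example that is not part of the original article and is not Samsara's or Okta's code: it inspects a decoded test assertion for the Audience (Service Provider Entity ID), the Recipient (Post-back/ACS URL) and the two attribute names from the table. The function name is hypothetical, and the entity ID, ACS URL and sample assertion are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_ATTR = "https://cloud.samsara.com/saml/attributes/email"
NAME_ATTR = "https://cloud.samsara.com/saml/attributes/name"

def check_assertion(xml_text, sp_entity_id, acs_url):
    """List config problems in a decoded SAML assertion; does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    # Audience URI in Okta must equal the Service Provider Entity ID.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks the Service Provider Entity ID")
    # The bearer confirmation must be addressed to the Post-back (ACS) URL.
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} is not the Post-back (ACS) URL")
    # Collect non-empty attribute values keyed by the attribute's Name.
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    for required in (EMAIL_ATTR, NAME_ATTR):
        if not attrs.get(required):
            problems.append(f"missing or empty attribute {required}")
    email = (attrs.get(EMAIL_ATTR) or [""])[0]
    if email and "@" not in email:
        problems.append(f"email attribute value {email!r} is not an email address")
    return problems

# Constructed sample with placeholder IDs; the name attribute wrongly uses a short Name.
SP_ENTITY_ID = "urn:example:sp-entity-id"
ACS_URL = "https://sp.example.invalid/saml/acs"
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
  <saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="{EMAIL_ATTR}"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="name"><saml:AttributeValue>Pat Lee</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, SP_ENTITY_ID, ACS_URL):
        print("PROBLEM:", problem)
```

Run it on an assertion captured from your own test login; it is a setup diagnostic and not a substitute for signature validation by the service provider.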