How to configure SSO for your business

Note: Only your company’s account admins are authorized to configure SSO for the company’s Evernote account.

More about how to set up SSO for your own account

Evernote uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0). This means that our implementation of SSO integrates easily with any large identity provider that supports SAML 2.0. We also support ADFS.

Identity providers supported

To make setup easy, we’ve partnered with several identity providers, including Ping Identity, OneLogin, Okta, and Centrify.

Because Evernote uses SAML 2.0, you can use SSO with any SAML-supported identity provider, or create your own SSO implementation.

Enable Single Sign-On from the admin console

From the admin console, go to ‘Integrations’ and select ‘SSO.’

Single sign-on

From this page, you can:

  • Enable SSO: Make SSO a requirement for access to your company’s Evernote account content (Click Disable Single Sign-on to remove the SSO requirement)
  • Set the Session Duration: Enter the number of days users can remain signed in

Configure SSO with Ping, Okta, or OneLogin

From the admin console, go to 'Security' and select 'Authentication' and ensure that the following requirements are met:

  • The SAML HTTP Request URL is the link used to verify SSO
  • The X.509 Certificate is the certificate used for your SAML authentication (it usually comes from your identity provider)
  • The 'Session Duration' is the number of days you want the SSO token to remain valid before your employees have to re-authorize it. Note: The default value is 24 (days). It’s a good idea to configure this to a value greater than 24 days.

Frequently Asked Questions

Which identity providers does Evernote support?

Evernote uses the secure and widely adopted industry standard Security Assertion Markup Language (SAML). Our implementation of SSO integrates easily with any large identity provider that supports SAML.

We’ve partnered with the following identity providers:

  • Ping Identity
  • OneLogin
  • Okta

Other identity providers we support:

  • Centrify
  • Symplified
  • Auth0
  • Salesforce
  • CA Siteminder

I want to set up SSO with a provider not listed. How do I configure my own identity provider for SSO?

From the admin console, go to 'Security' and select 'Authentication' and ensure that the following requirements are met:

  • ACS URL: https://www.evernote.com/SamlConsumer.action
  • Entity ID: https://www.evernote.com/saml2
  • HTTP Redirect binding for SP to IdP and the HTTP POST binding for IdP to SP.
  • The NameID that contains the user's email address, which matches the Evernote user's business email address.
  • Assertions must contain a NameID with a Format of urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
  • The entire SAML response must be signed.
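The requirements above can be checked against a test response from your identity provider before you enable SSO. The following is an added example, not Evernote's code: `check_response` and the sample document are constructed for illustration, and it assumes the ACS URL appears as the response `Destination` and the Entity ID as the assertion `Audience`, as is standard for SAML 2.0.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://www.evernote.com/SamlConsumer.action"
ENTITY_ID = "https://www.evernote.com/saml2"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a skeleton response with no real signature or certificate data.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" Destination="https://www.evernote.com/SamlConsumer.action">
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#_r1"/></ds:SignedInfo></ds:Signature>
 <saml:Assertion ID="_a1"><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pat@example.com</saml:NameID>
 </saml:Subject><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://www.evernote.com/saml2</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, business_email):
    """Structural pre-flight check only; it does not verify the signature."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    # A Signature that is a direct child of Response and references its ID
    # covers the whole message; one only inside the Assertion does not.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        problems.append("Response element itself is not signed")
    if ENTITY_ID not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not name the Entity ID")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Assertion has no NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
        if (name_id.text or "").strip() != business_email:
            problems.append("NameID is not the user's business email")
    return problems
```

An empty list means the response has the expected shape; run it only on responses you captured from your own identity provider's test login.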

What’s an X.509 certificate?

An X.509 certificate is a security certificate that's used to verify your identity. It usually comes from your identity provider. It can come in a variety of formats, but Evernote only accepts the .pem format. Below is a sample of an encoded certificate:

Single sign-on certificate

How are people notified when SSO is enabled?

Once your company enables SSO for your company’s Evernote account, the Evernote account admins should send an email to notify team members that SSO has been enabled.

What happens when a new employee wants to join the company’s Evernote Business account?

If your company has configured SSO as a requirement, the new employee’s email address needs to be registered with your identity provider. Otherwise, they will not be able to sign in and access Evernote.

How does SSO work with two-step verification?

If your company has decided to make SSO a requirement, authentication will be determined by the identity provider it has chosen to use. Your company can always add more layers of security through the identity provider.

Any security features that Evernote itself provides, such as two-step verification or the ability to reset passwords, are no longer in effect because the identity provider now handles all aspects of authentication.
