SSO Integration Guide

Logging in with Single Sign-On (SSO)

Amplified supports Single Sign-On through the following identity providers:

• Google (OAuth2)
• Okta (OIDC)
• Okta (SAML)
• Microsoft Entra ID (formerly Azure AD) (SAML)

Google OAuth2 SSO integration

Requirements

Your users must already have been invited to, and accepted their invitation to your Amplified team.

Configuration Steps 

No configuration is necessary to sign in with Google. Your users can click the Sign in with Google button on the Amplified log in page, which will redirect to Google to authenticate and then send your users back to Amplified.

Okta OIDC SSO integration

Supported Features

• Identity Provider (IDP) initiated authentication This allows users to sign into Amplified from their Okta application dashboard

Requirements

In order to configure SSO through Okta, you must:

• Have your own Okta tenant;
• Be an administrator of that tenant;
• Have a confirmed Amplfied admin account with team members configured for each user who will sign in via Okta; and
• Have an Enterprise subscription to Amplified. Please see Amplified billing for details or to get in touch.

Configuration Steps

To enable SSO with Amplified, you need to add the Amplified app to your Okta tenant.

1. Log in to your organisation’s Okta tenant;
2. Navigate to Applications > Applications > Browse App Catalog and search for Amplified, then click Add Integration;
3. Enter an Application Label or accept the recommended default, Amplified . This is the name as which the Amplified app will appear to users on your Okta dashboard;
4. Click Next;
5. On the Sign-On Options tab, in the Sign on methods section choose OpenID Connect.
6. Click Done.
7. Click the Assignments tab of the Amplified application in Okta, and assign Amplified to everyone, a group, or those of your users who have Amplified accounts;
8. Click the Sign-On tab, and then click Edit in the Settings section;
9. In the OpenID Connect section, locate the Client ID field and copy the value to the clipboard;
10. In the Advanced Sign-on Settings section, paste your Client ID into the Client ID field, and at the bottom of the form click Save;
11. In another browser window, open the Single Sign-on configuration page in Amplified, and select Okta. Paste your Client ID into the Client ID field, but do not click Save yet - we have more values to copy from Okta in the next step;
12. Return to your Okta window and click the Sign On tab, and copy the Secret value from Client secrets. Also make note of your Okta domain (e.g. yourcompany.okta.com), found in the dropdown user menu in the upper right corner of the page;
13. Return to your Amplified window and paste in the Okta domain (prefixing it with https:// if necessary), and Client secret values copied in the previous step, and click Save.

This completes the configuration of the Amplified integration with Okta. Your users should now be able to sign into Amplified from their Okta dashboard.

Congratulations!

Amplified is now fully configured for OIDC single sign-on with Okta.

Okta SAML integration

Supported features

The Okta/Amplified SAML integration currently supports the following features:

• SP-initiated single sign-on - this allows users to sign into Amplified using Okta for authentication, after visiting the Amplified login page;
• IdP-initiated single sign-on - this allows users to sign into Amplified from their Okta application dashboard.

Requirements

In order to configure SAML SSO through Okta, you must:

• Have your own Okta tenant;
• Be an administrator of that tenant;
• Have a confirmed Amplified admin account with team members configured for each user who will sign in via Okta; and
• Have an Enterprise subscription to Amplified. Please see Amplified billing for details or to get in touch.

Configuration Steps

To enable SSO with Amplified, you need to add the Amplified app to your Okta tenant.

1. Log in to your organisation’s Okta tenant;
2. Navigate to Applications > Applications > Browse App Catalog and search for Amplified, then click Add Integration;
3. Enter an Application Label or accept the recommended default, Amplified . This is the name as which the Amplified app will appear to users on your Okta dashboard;
4. Click Next;
5. On the Sign-On Options tab, under SAML 2.0 locate the Metadata details section. Copy the Metadata URL to the clipboard.
6. In a new browser window, open the Single Sign-on configuration page in Amplified, and select Saml. Click Change identity provider, locate the Federation metadata URL field, paste in the URL you copied from Okta in the previous step, and click Continue. In a few moments you should see a green message Identity provider updated, and the current identity provider should now read Okta, with your Tenant ID shown underneath. Click the clipboard icon to copy this Tenant ID value to the clipboard.
7. Return to your Okta browser window, and in the Advanced Sign-on Settings locate the Tenant ID field and paste in your Tenant ID copied from Amplified in the previous step.
8. Click Done.
9. Click the Assignments tab of the Amplified application in Okta, and assign Amplified to everyone, a group, or those of your users who have Amplified accounts. This will provide them with the Amplified application on their Okta dashboard.

Congratulations!

Amplified is now fully configured for SAML single sign-on with Okta.

Logging into Amplified with Okta SSO

For both SAML and OIDC, you can log into Amplified using Okta SSO in two ways:

1. By clicking the Amplified application in your Okta dashboard; or
2. On the Amplified login page, click the Use single sign-on (SSO) button, then enter your email address and click Continue with SSO. Your browser will be redirected to Okta for authentication, and then returned to your Amplified dashboard.

Microsoft Entra ID SAML integration

Supported features

The Entra ID/Amplified SAML integration currently supports the following features:

• SP-initiated single sign-on - this allows users to sign into Amplified using Entra ID for authentication, after visiting the Amplified login page; and
• IdP-initiated single sign-on - this allows users to sign into Amplified from their Entra ID application dashboard.

Requirements

In order to configure SAML SSO through Entra ID, you must:

• Have your own Entra tenant;
• Be an administrator of that tenant;
• Have a confirmed Amplified admin account with team members configured for each user who will sign in via Entra ID; and
• Have an Enterprise subscription to Amplified. Please see Amplified billing for details or to get in touch.

Configuration Steps

1. Navigate to the Entra Admin Center
2. Select Enterprise applications
3. Select New application
4. Select Create your own application
5. Input Amplified as the name, and choose Non-gallery as the application type. Click Create.
6. Under Manage click Single sign-on, then choose SAML .
7. In section 3, copy the App Federation Metadata Url to the clipboard
8. In a new browser window, open the Single Sign-on configuration page in Amplified, and select Saml. Click Change identity provider, locate the Federation metadata URL field, paste in the URL you copied from Entra ID in the previous step, and click Continue. In a few moments you should see a green message Identity provider updated, and the current identity provider should now read Microsoft Entra ID.
9. Click Download metadata and note the location of the downloaded file Amplified SAML metadata.xml
10. Return to Entra Admin Center, and click Upload metadata file, choosing the file you just downloaded from Amplified, and click Add .
11. Review the Basic SAML Configuration settings, click Save, and close that pane.
12. Repeat steps 7 through 11 to synchronize Amplified and Entra ID's SAML certificates. This completes the SAML configuration steps.
13. Under Manage, select Users and groups and assign Amplified to everyone, a group, or those of your users who have Amplified accounts. This will permit them to log into Amplified via Entra ID.

Congratulations!

Amplified is now fully configured for SAML single sign-on with Entra ID.

Logging into Amplified with Entra ID SSO

You can log into Amplified using Entra ID SSO in two ways IdP-initiated or SP-initiated authentication:

1. IdP-initiated: By clicking the Amplified application in your Entra dashboard; or
2. SP-initiated: On the Amplified login page, click the Use single sign-on (SSO) button, then enter your email address and click Continue with SSO. Your browser will be redirected to Entra ID for authentication, and then returned to your Amplified dashboard.