If your organization is on the Enterprise plan and you are an administrator, you can configure SAML authentication. In this example we are using OneLogin (for a detailed walkthrough on how to do SCIM provisioning, read this article).

In Favro, open the Administration page, found in the avatar menu, go to Authentication methods and click Configure under SAML authentication.

Enter the name of your domain and click Add domain.

Now, go to OneLogin, Apps and Add apps. Search for Favro and select Favro SAML 2.0 (in the following screen you can set icon and display name).

Once the app is saved, go to the SSO tab. Here you need to add https://favro.com/saml/assert as the Issuer URL. Next, you need to copy the SAML 2.0 Endpoint and the SLO Endpoint content,

and paste these into the SAML login url and SAML logout url fields in the Favro SAML configuration.

Back in OneLogin, click View Details under the certificate from the SSO tab. The page shown contains the certificate.

Copy the entire string and paste it into the field SAML identity provider certificate in Favro.

Next, you need to prove ownership of the domain name. Add the TXT record found in Domain verification to your DNS configuration and click Verify now. An example of how this can look: favrotest.com.        30    IN    TXT    "favro-verification=TXTRECORD"

You can now set a custom message for your users (if wanted), choose whether users should be auto-added to your organization on sign-in, and save configuration. User that are not automatically added to your organization can start their own Favro trials, but will still need to authenticate through your chosen SAML/SSO provider.


And that's it. New users will be created on first sign in to Favro. Note that Administrators still sign in with Favro authentication even if they are OneLogin users. Users can also sign in via OneLogin and click the Favro app there to access it.

Next, we recommend that you read this article on provisioning users with SCIM.

Did this answer your question?