Setup

The Lang.ai team will provide you the following values during the setup:

  • Single Sign on URL

  • Audience URI

In order to complete the configuration, you will need to provide Lang.ai the following information:

  • Identity Provider Single Sing-On URL

  • X.509 Certificate

Configuration Steps

  1. In the Admin Console, go to Applications > Applications

  2. Click Create App Integration. Select SAML 2.0 as the Sign-on method

  3. Click Next

  4. Configure general settings by adding the app name “Lang.ai

  5. Configure SAML settings

    1. Single Sign On URL: Use the value provided by Lang.ai

    2. Audience URI (SP Entity ID): Use the value provided by Lang.ai

    3. In the Attribute Statements set one attribute with the following values:

      • Name: emailaddress

      • Name format: "Basic"

      • Value: user.email

    4. Leave the rest options in the default values

  6. Click Next

  7. Select I'm an Okta customer adding an internal app

  8. In the Sign on tab, click in the SAML 2.0 View Setup Instructions button. You will see something like the following:

9. Copy the Identity Provider Single Sign-On URL and download the certificate. Share both the URL and the certificate with the Lang.ai team to complete the configuration.

Once the connection is configured, your platform success representative will contact you to configure the first admin user for your team. By default, all SSO users are created with the "member" role.

Testing your connection

Once you configured the connection successfully, follow these steps to test the connection:

  1. Navigate to your tenant URL: US, EU, or your custom single-tenant URL.

  2. Write your email in the log in screen

  3. You will be redirected to log in to the Okta User Dashboard

  4. The browser will be redirected back to the application and be automatically logged in. If it it's the first time the user logs in, then the user it will be created in Lang.ai with the "member" role.

FAQ

Here is a list of the frequently asked question regarding our SSO integration:

Question

Answer

My organization uses an identity service provider (IdP) that's not in the list above. Will it be supported?

If your IDP provides a SAML metadata URL for dynamic configuration, you can follow the same setup steps as above. Please contact support for SAML configuration assistance for other IDPs.

Does Lang support IdP-initiatied flows?

IdP-initiated flows carry a security risk and are therefore are disabled by default. This may be enabled upon request. Make sure you understand the risks before enabling IdP-initiated SSO.

How does Lang SAML SSO handle user provisioning?

Lang supports Just-in-Time (JIT) provisioning — the user is created the first time it completes the first login into Lang. The default role for these users is the "member" role. We don't currently support user provisioning with SCIM.

Does Lang SAML SSO support Single Logout?

Not at this time. If Single Logout is important to you, please contact our support team to let us know. Take into account that users are logged out after 30 minutes of inactivity. We also have an absolute logout for users every 12 hours.

What version of SAML does Lang support?

We currently support SAML v2.0.

Did this answer your question?