Logging in with SSO

EverTrue offers authentication with any SAML 2.0 standard compatible Identity Provider. If SSO is enabled, users will take the following steps to log in:

• User will enter their email at app.evertrue.com.
• User will click Enter with Organization.
• User will be redirected to your organizations SAML page to log in with their credentials. If your institution uses an MFA option like Duo, then they will go through those steps. 
• User will be redirected to the EverTrue platform once authentication is successful. 

Information on setting up the SSO configuration can be found below. 

---

Configuring SAML 

EverTrue offers Production metadata files. Please reach out to your Implementation Partner or genius@evertrue.com to receive these files.

EverTrue Primary Service Provider Info (Prod)

• Relying Party Identifier: urn: amazon : cognito :sp:us-east-1_CwuWocnXP
• SAML Assertion Endpoint: POST https://evertrue-1b.auth.us-east-1.amazoncognito.com/saml2/idpresponse
• Required SAML Fields: Name ID

Key Settings

• NameID is the only required field.
• NameID must be persistent. Typically, EverTrue customers use UID or email (you should choose whatever your users are most accustomed to using logging in with).
• We cannot accept encrypted assertions.

---

For any other questions reach out to EverTrue Support at genius@evertrue.com.