Overview

Prerequisites

• Access to your organization’s SAML 2.0-compatible Identity Provider (IdP) (e.g., Azure Entra ID, Okta, OneLogin, etc.)
• Administrative access to your eScribe tenant
• An email address for each user that matches the NameID in the SAML assertion (must match the configured SSO account in eScribe)

Navigate to Authentication

• Go to Settings > Authentication tab to access the SSO Setup
• Click "Add Single Sign-On" to start the setup

eScribe SSO Wizard Steps

Step 1: Service Provider (SP) Settings

• Entity ID

• Assertion Consumer Service (ACS) URL / Assertion URL

• Assertion URL Validator (for OneLogin):

Step 2: Name Your Configuration

• Provide a descriptive name (e.g., ACME Azure SSO)

Step 3: Identity Provider Metadata

• Metadata URL: Paste the URL from your IdP
• Upload Metadata File: Upload the XML file provided by your IdP
• Manual Entry (if no metadata is available):
  • Entity ID
  • SSO URL
  • Certificate (X.509 format)

Step 4: Test and Enable

• Click Test Configuration to validate.
• Enable the SSO connection with the activation toggle

Step 5: Update Users in eScribe and IdP

• Ensure your users have access to the eScribe application in the IdP
• Navigate to User & Groups > User List > Click the 3 dot Menu > Edit User
  • Ensure your users are updated to "Single Sign On or eScribe Account & Single Sign On"

Optional: Require Single Sign-On

• After successfully setting up your SSO and users, admins have the option to require Single Sign-On for all users

Identity Provider Setup Instructions

Azure Entra ID (formerly Azure AD)

1. Go to Azure Portal > Enterprise Applications
2. Click New Application > Create your own application
3. Select Integrate any other application you don’t find and choose SAML

4. Under Basic SAML Configuration:

   Identifier (Entity ID):

Reply URL (ACS URL):

1. Under User Attributes & Claims:
   • Ensure NameID is set to the user's email
2. Download the Federation Metadata XML for Step 3 of the eScribe wizard

Google Workspace

1. Open admin.google.com > Apps > Web and mobile apps
2. Click Add App > Add Custom SAML app
3. App name: eScribe Meetings (upload logo if desired)
4. Google will display:
   • SSO URL
   • Entity ID
   • Certificate

1. In Service Provider Details:
   • ACS URL: https://<your-tenant>.escribemeetings.com/api/auth/saml/acs
   • Entity ID: https://<your-tenant>.escribemeetings.com
2. In Attribute Mapping:
   • Primary email → NameID

Okta

1. Go to Applications > Create App Integration
2. Select SAML 2.0
3. App Name: eScribe Meetings
4. In SAML Settings:
   • Single sign on URL: https://<your-tenant>.escribemeetings.com/api/auth/saml/acs
   • Audience URI (SP Entity ID): https://<your-tenant>.escribemeetings.com
5. In Attribute Statements:
   • NameID format: emailAddress
6. After saving:
   • Go to the Sign On tab → View Setup Instructions
   • Use the metadata link or manually copy values into eScribe

OneLogin

1. Go to Apps > Add App → Search for SAML Test Connector (Advanced)
2. App Name: eScribe Meetings
3. In the Configuration tab:
   • ACS (Consumer) URL: https://<your-tenant>.escribemeetings.com/api/auth/saml/acs
   • ACS Validator: ^https:\/\/<your-tenant>\.escribemeetings\.com\/api\/auth\/saml\/acs$
   • Entity ID: https://<your-tenant>.escribemeetings.com
4. In Parameters:
   • Set NameID to use Email
5. Under SSO:
   • Copy the Issuer URL, SAML 2.0 Endpoint, and X.509 Certificate for use in the eScribe wizard