SAML-based single sign-on (SSO) gives members access to Otter through an identity provider (IdP) of your choice.
• Identity Provider (IdP) Initiated Flow
• Service Provider (SP) Initiated Flow
• Just-in-time (JIT) provisioning
• Session duration configured in your IdP
Who can use this feature
• Available to Otter for Enterprise plan (100 seats minimum) only
• Only the admin can configure SSO for the team. Once configured, SSO is available for use for every team member.
If your organization uses Okta as the identity provider, please read the setup guide here. Otherwise, please continue.
Before you start ...
Please contact your Otter.ai account manager to enable SSO before you proceed to the following setup steps.
Step 1: Configure your identity provider
Before you start: know your Team Handle
On the Otter.ai Team Settings page, choose the "Settings & Security" tab, locate "SAML Authentication", and click "Configure". You can find your team handle at the top of the popup dialog.
Single Sign On URL
Also known as “SSO post-back URL”, “Assertion Consumer Service URL”, “ACS URL”
Also known as “Audience”
- NameID: (required) the NameID must be unique and pseudo-random, and must not change for the user over time (like an employee ID number). The NameID Format must be “persistent”.
<saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> userName </saml2:NameID> </saml2:Subject>
- email: (required) the user’s email address
<saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xsi:type="xs:string"> user.email </saml2:AttributeValue> </saml2:Attribute>
- first_name: (required) the user’s first name
<saml2:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xsi:type="xs:string"> user.firstName </saml2:AttributeValue> </saml2:Attribute>
- last_name: (required) the user’s last name
<saml2:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xsi:type="xs:string"> user.lastName </saml2:AttributeValue> </saml2:Attribute>
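A pre-flight check for the NameID and attribute requirements above, added here as an example (it is not Otter's code): it parses an assertion captured from your own IdP's test output and lists anything that differs from the requirements. The function names and the sample assertions are constructed for illustration, and exact matching of attribute names is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED_ATTRS = ("email", "first_name", "last_name")  # names as listed on this page

def check_assertion(xml_text):
    """Return a list of problems; empty means the assertion meets the listed requirements.
    Structure check only: it does not verify the signature, issuer or audience."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml2:Subject/saml2:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is %r, expected persistent" % name_id.get("Format"))
    values = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        val = attr.find("saml2:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED_ATTRS:
        if values.get(name):
            continue
        # Assumption: names must match exactly, so flag near misses such as "Email".
        near = [n for n in values
                if n and n != name and n.replace("_", "").lower() == name.replace("_", "")]
        hint = " (IdP sent %r)" % near[0] if near else ""
        problems.append("attribute %r missing or empty%s" % (name, hint))
    if values.get("email") and "@" not in values["email"]:
        problems.append("email attribute does not look like an address")
    return problems

def build_sample(name_id_format, attrs):
    """Constructed, unsigned sample assertion for this example (not real IdP output)."""
    rows = "".join(
        '<saml2:Attribute Name="%s"><saml2:AttributeValue>%s</saml2:AttributeValue>'
        '</saml2:Attribute>' % kv for kv in attrs.items())
    return ('<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml2:Subject><saml2:NameID Format="%s">a1b2c3d4</saml2:NameID></saml2:Subject>'
            '<saml2:AttributeStatement>%s</saml2:AttributeStatement></saml2:Assertion>'
            % (name_id_format, rows))

GOOD = build_sample(PERSISTENT, {"email": "pat@example.com", "first_name": "Pat", "last_name": "Lee"})
BAD = build_sample("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                   {"Email": "pat@example.com", "first_name": "Pat"})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc) or "OK")
```

Run it against the decoded assertion from your IdP's SAML preview or test tool before switching SSO to mandatory.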
Step 2: Set up SAML SSO for Otter
- Visit https://otter.ai/manage-team/team-settings
- In the Privacy & Security tab, find SAML Authentication. Click “Configure”.
- Enter your SAML Endpoint URL (this came from setting up your identity provider earlier). This is where authentication requests from Otter will be sent.
- Enter your Identity Provider Issuer URL (also known as the IdP Entity ID).
- Copy the entire X.509 Public Certificate from your identity provider.
- Choose whether to make SAML Authentication an optional sign-in method, or make it mandatory for all team members. We recommend making it optional until you’ve fully tested and verified the connection.
- Click “Test configuration”. We'll let you know if the changes are successful or whether you need to make further changes.
- When you are ready, click “Save Configurations & Enable”.
- Remember to change to mandatory SSO for all team members when it’s ready, so as to prevent members from using other sign-in methods.