Skip to main content

Integrating with your SSO Provider

Lauren Bareket
  • Updated

Interested in setting up SSO for easy user authentication in Ethena? This is available for all Ethena Premium customers. SSO configuration is not currently available for Ethena Standard (self-serve) customers.

Note: If you are a Sequoia Advisory customer please reach out to support@goethena.com to inquire about adding this.

 

About Ethena's SSO Connections

Ethena partners with Auth0 to provide IdP-initiated and SP-initiated SSO workflows through SAML or Open ID Connect. 

Our technical team will work directly with your SSO administrator within your organization to exchange the necessary credentials and troubleshoot the SSO connection. Once the initial setup is complete on your end, you can reach out to support@goethena.com for help configuring the integration.

A few additional notes to keep in mind:

  • Ethena enables IdP-initiated workflows by default. If you'd like IdP-initiated workflows disabled, reach out to support@goethena.com.
    • If you set up your SSO integration prior to June 2026, IdP-initiated workflows may be disabled for your connection. Reach out to us if you'd like it to be connected.
  • Email address is the core metadata requested, as this is how Ethena uniquely identifies learners. If you would prefer to use user ID (if, for example, you have some users without email addresses), reach out to support@goethena.com.
  • We do not support traditional SCIM/just-in-time provisioning, but we do offer API-based integrations with Okta, Microsoft Entra ID, Google Workspace, and others. If you'd like your IdP to be the source of truth for user provisioning, please see our HRIS integration article.

 

SSO Configuration Guides

The following guides provide step-by-step instructions on SSO configuration, depending on your Identity Provider:

 

Okta SSO Integration Guide

  1. Choose a one-word, all lowercase company name to use throughout the below steps wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
  2. Create a new SAML connection in Okta using the following settings:
    • You can use the Ethena logo to identify the connection.
    • Set the sign on URL to: https://ethena.auth0.com/login/callback?connection=company. Check the box that says "use this for recipient and destination..."
    • Audience: urn:auth0:ethena:company
    • Ensure that the following settings are chosen, matching the screenshot below:
      • Name ID format: EmailAddress
      • Attribute Statements:
        • Name: email
        • Value: user.email
  3. Send the following details over to support@goethena.com:
    • The x.509 certificate and Identity Provider Single Sign-On URL, or the downloadable metadata file
    • The one-word company name you chose for your ACS URL and Entity ID
    • All potential learner email domains that should be added to the home-realm list (e.g. acmecorp.com, ext.acmecorp.com)
  4. From there, Ethena will set up the integration and send over a test link. Once testing is complete, Ethena will set the integration live.
    • You will likely also need to assign users in your organization access to the application. Please ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
  5. Once live, users will be able to navigate to Ethena directly from your IdP or through your company-specific link: https://app.goethena.com/training?sso=company

 

Microsoft Entra ID SSO Integration Guide

  1. Choose a one-word, all lowercase company name to use throughout the below steps wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
  2. Create a new SAML application in your SSO provider portal named “Ethena”, and if desired use the Ethena logo.
  3. Input the following for the Sign On URL (Optional in Azure, but good to have): https://app.goethena.com/training?sso=company
  4. Input the following for the Reply URL (Assertion Consumer Service URL (ACS)) in Azure: https://ethena.auth0.com/login/callback?connection=company
  5. For “Entity ID”, or “Audience”, use urn:auth0:ethena:company as the Entity ID.
  6. For NameID Format, choose Email Address if possible. Generally ensure that your SSO provider is including email as the primary way of identifying users to Ethena.
  7. No other settings should need to be filled.
  8. You will likely need to assign users in your organization access to the application. Please ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
  9. Send the following details over to support@goethena.com:
    1. The x.509 certificate and Identity Provider Single Sign-On URL, or the downloadable metadata file
    2. The one-word company name you chose for your ACS URL and Entity ID
    3. All potential learner email domains that should be added to the home-realm list (e.g. acmecorp.com, ext.acmecorp.com)
  10. From there, Ethena will set up the integration and send over a test link. Once testing is complete, Ethena will set the integration live.
    1. You will likely also need to assign users in your organization access to the application. Please ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
  11. Once live, users will be able to navigate to Ethena directly from your IdP or through your company-specific link: https://app.goethena.com/training?sso=company

 

Google Workspace SSO Integration Guide

  1. Choose a one-word, all lowercase company name to use throughout the below steps wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
  2. As a Google workspace admin, navigate to Apps > Web and Mobile Apps. Then click “Add App” at the top and choose “Add custom SAML app”.
  3. Input “Ethena” as the app name. Optionally you can include the Ethena logo. Click “Continue”.
  4. Click “download metadata” and save it so you can send our team the .xml file to complete setup.
  5. On the next screen, input https://ethena.auth0.com/login/callback?connection=company as the ACS URL and enter urn:auth0:ethena:company as the Entity ID. Leave the Start URL blank.
  6. Send the following details over to support@goethena.com:
    1. The .xml file you downloaded
    2. The one-word company name you chose for your ACS URL and Entity ID
    3. All potential learner email domains that should be added to the home-realm list (e.g. acmecorp.com, ext.acmecorp.com)
  7. From there, Ethena will set up the integration and send over a test link. Once testing is complete, Ethena will set the integration live.
    1. You will likely also need to assign users in your organization access to the application. Please ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
  8. Once live, users will be able to navigate to Ethena directly from your IdP or through your company-specific link: https://app.goethena.com/training?sso=company

 

General SSO Integration Guide

  1. Choose a one-word, all lowercase company name to use throughout the below steps wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
  2. Create a new SAML application in your SSO provider portal named “Ethena”, and if desired use the Ethena logo.
  3. You will need to input an “ACS URL” or “Sign on URL”, which should be https://ethena.auth0.com/login/callback?connection=company
  4. For “Entity ID”, or “Audience”, use urn:auth0:ethena:company as the Entity ID.
  5. For NameID Format, choose Email Address if possible. Generally ensure that your SSO provider is including email as the primary way of identifying users to Ethena.
  6. No other settings should need to be filled.
  7. You will likely need to assign users in your organization access to the application. Please ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
  8. Send the following details over to support@goethena.com:
    1. The x.509 certificate and Identity Provider Single Sign-On URL, or the downloadable metadata file
    2. The one-word company name you chose for your ACS URL and Entity ID
    3. All potential learner email domains that should be added to the home-realm list (e.g. acmecorp.com, ext.acmecorp.com)
  9. From there, Ethena will set up the integration and send over a test link. Once testing is complete, Ethena will set the integration live.
    1. You will likely also need to assign users in your organization access to the application. Please ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
  10. Once live, users will be able to navigate to Ethena directly from your IdP or through your company-specific link: https://app.goethena.com/training?sso=company

Related to

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.