Getting Started

Admin Portal provides three different sign-in options to cater to your organization’s needs and preferences. These options are designed to provide convenience and security for users accessing the portal. Access the sign-in page at the Admin Portal.

Access the unified Portal to manage applications, organization configuration, and secure administrator access. This guide covers current sign‑in methods (Email & SAML SSO), rollout, and operational best practices. Google sign-in has been deprecated (@gmail domain).

Google sign-in (@gmail domain) has been deprecated and is no longer available. Migrate any residual flows to SAML SSO or Email + Password.

Email Login

Baseline credential access

SAML SSO

Centralized identity & governance

Provision

Auto user creation via SSO

Migrate

Link legacy accounts

Audit

Track access changes

Resilience

Maintain break‑glass account

Direct portal credentials (use for initial access or controlled break‑glass fallback).

SSO (SAML) Enablement Workflow

Engage Support

Contact support with org domain & desired scope (all users or whitelist subset).

Configure IdP

Set Assertion Consumer (Response) URL: https://amity-portal-prod-auth.amity.co/saml2/idpresponse

Audience Restriction

urn:amazon:cognito:sp:eu-central-1_gcJoCA15K

Attribute Mapping

Map email → http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Domain Sign-In

Users choose “Sign in with SSO”, enter org domain, redirected to IdP.

User Migration

Existing portal accounts linked to SSO identities post first successful SAML assertion.

Delete legacy direct admin accounts before activation if you want to strictly enforce SSO-only access.

Post-SSO Behavior

Automatic Provisioning

Console User Creation Disabled

Legacy Accounts

Security Consolidation

Migration Tips

Inventory current admin users; decide which persist; communicate cutover date.

Metrics & Monitoring

Metric	Purpose	Healthy Signal	Action Trigger
First Login Success %	Onboarding friction	≥ 95%	Drop → review IdP attribute mapping
Legacy Account Count	Progress toward full SSO adoption	Trending to 0	Flat > 0 for 2 cycles → enforce cleanup
SSO Provision Time	Automation latency	< 30s	Delays → check webhook / IdP latency
Failed SAML Assertions	Detect config issues	Near 0	Spike → validate Audience / ACS URL
Duplicate Emails	Identity collision	0	Any → merge / remove stale account

Troubleshooting

Issue	Likely Cause	Resolution
SSO option not shown	Org not enabled	Confirm enablement with support
Assertion Consumer mismatch	Wrong ACS URL	Update IdP to official URL
Audience validation error	Incorrect Audience string	Use urn:amazon:cognito:sp:eu-central-1_gcJoCA15K
User loops back to login	Attribute (email) not mapped	Map email claim correctly
Duplicate account created	Case variation in email	Normalize email casing & merge
Cannot remove legacy account	Still active sessions	Terminate sessions then delete

Best Practices

Least Privilege

Periodic Review

Break-Glass Access

Communication Plan

Logging & Alerting

Admin Access Control

Roles & permissions

Security

Secure Mode & keys

If you need assistance validating your SAML metadata, contact support with the IdP entityID and certificate fingerprint.

Overview

Admin Console

Admin Portal

Analytics Dashboard

Support

Email Login

SAML SSO

Provision

Migrate

Audit

Resilience

SSO (SAML) Enablement Workflow

Post-SSO Behavior

Migration Tips

Metrics & Monitoring

Troubleshooting

Best Practices

Admin Access Control

Security

Overview

Admin Console

Admin Portal

Analytics Dashboard

Support

Email Login

SAML SSO

Provision

Migrate

Audit

Resilience

​Sign-In Options

​SSO (SAML) Enablement Workflow

​Post-SSO Behavior

​Migration Tips

​Metrics & Monitoring

​Troubleshooting

​Best Practices

​Related

Admin Access Control

Security

Sign-In Options

SSO (SAML) Enablement Workflow

Post-SSO Behavior

Migration Tips

Metrics & Monitoring

Troubleshooting

Best Practices

Related