Evernote

Evernote's SAML configuration requires two inputs: the SAML HTTP Request URL (the IdP SSO endpoint) and the X.509 signing certificate. Evernote does not expose an ACS URL or Entity ID in its admin console in the same way as other SaaS platforms, so the Entity ID is the fixed value https://www.evernote.com/saml2. Once configured, Evernote Teams handles SP-initiated SSO for older accounts and supports both SP and IdP-initiated flows for updated accounts.

SSO in Evernote applies to team content access. Evernote Teams account administrators retain the ability to log in with their standard Evernote credentials even after SSO is enabled, which allows recovery access if the identity provider is unavailable.

Prerequisites

• Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.

• Evernote Teams account: Administrator access to the Evernote admin console. SSO is available on Evernote Teams plans only.

• Evernote user accounts provisioned: Each team member must have an Evernote account with an email address that matches their record in the 1Kosmos directory before SSO is enabled.

• 1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.

Configuration values

Values to collect from 1Kosmos AdminX (IdP) for Evernote:

Fixed Evernote SP values to enter in AdminX:

Integration steps

Step 1: Add Evernote as a SAML application in AdminX

• Log in to the AdminX portal and navigate to Applications → Add Application.

• Scroll to Custom App, select SAML 2.0 Generic, and click Add integration.

• Enter "Evernote" as the Application Name, set Instance to Production, and enter https://www.evernote.com as the Application Access URL. Click Next.

• Set NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and NameID Value to email. Add a claim for email (Username). Click Next.

• Enter https://www.evernote.com/saml2 as the SP Entity ID. Evernote does not expose a separate ACS URL in the admin console. Enable Assertion signing and click Save.

Step 2: Configure SSO in the Evernote admin console

• Sign in to Evernote at evernote.com and navigate to the admin console using the key icon in the lower left panel.

• Click Single Sign-On from the left navigation menu.

• In the SAML HTTP Request URL field, paste the 1Kosmos SSO Login URL.

• In the X.509 Certificate field, paste the 1Kosmos signing certificate content in PEM format, including the ----BEGIN CERTIFICATE----- and ----END CERTIFICATE----- lines.

• Set a Session Duration value greater than 1 (the number of days before users must re-authorize their SSO token). A value of 7 or 30 days is typical.

• Click Save and Enable.

Step 3: Test the integration

• Open an incognito browser window, navigate to https://www.evernote.com/Login.action, and initiate the SSO login flow.

• Confirm you are redirected to the 1Kosmos login screen. Authenticate biometrically using the 1Kosmos mobile app.

• Confirm you are returned to Evernote and have access to team content.

• Test with a single account before enforcing SSO as a requirement for all team members.

Attribute mappings

Integration notes

Once SSO is enabled and set to required in Evernote, all team members must authenticate through 1Kosmos to access team content. Team administrators can still log in using their standard Evernote credentials as a fallback.

If a new team member's email address is not registered with 1Kosmos, they will not be able to access Evernote through SSO. New employees must be enrolled in 1Kosmos before their first Evernote login after SSO enforcement is enabled.