Single Sign-On

Envestnet Enterprise supports single sign-on (SSO) for advisors, home office users, money managers, and clients using IdP-initiated SAML 2.0. Partners can enable direct access to Envestnet and optionally deep-link users to specific pages.

Documentation

Technical Overview

Envestnet supports IdP-initiated SAML 2.0 SSO in UAT and Production and manages SSO configuration and federated IDs. A firm code (included in the ACS URL) identifies the partner and is used to validate SAML responses against the correct signing certificate; SSO can also support deep links and limited user contact/entitlement attributes.

Onboarding

Onboarding typically completes 4-6 weeks after kickoff and may require a Statement of Work (SOW) unless included in a broader engagement. During discovery, Envestnet confirms IdP approach, deep links, and any JIT provisioning needs. SAML responses must be encrypted using Envestnets SSO certificate; partners provide a UAT signing certificate (Base64 .cer, .pem, or metadata), and Envestnet provides the encryption certificate and ACS URL.

Build, Test & Launch

Envestnet sets up the connection, firm code, and UAT test accounts. After UAT is complete, Envestnet completes the setup in Production and updates the production signing certificate.

Getting Started

To access the API reference, documentation, and credentials, you’ll need Envestnet Developer Portal credentials. Please contact your Account Manager to discuss your business needs. Our Integrations Team can schedule a discovery session to review requirements and confirm supported service request workflows and capabilities.