Generic SAML

This guide walks you through configuring a generic SAML identity provider for your application, enabling secure single sign-on for your users. You’ll learn how to set up a SAML application, configure service provider and identity provider settings, and test the connection.

  1. Log in to your Identity Provider portal as an admin and create a new Application with SAML as the single sign-on method.

  2. Depending on your Identity Provider, you may be able to configure the Service Provider section of your SAML application in any of the following three ways:

    • via SAML Metadata URL
    • via SAML Metadata file
    • via copying ACS URL and Entity ID manually

    Via SAML Metadata URL: copy the Metadata URL into your Identity Provider portal.

    Via SAML Metadata file: under Service Provider Details, click Download Metadata XML and upload the file in your Identity Provider portal.

    Download Metadata XML

    Via copying the ACS URL and Entity ID manually: copy the ACS URL (Assertion Consumer Service) and Service Provider Entity ID from the Service Provider Details section and paste them in the appropriate sections in your Identity Provider portal.

  3. Configure Attribute mapping & assign users/groups

    SAML attributes need to be configured in your Identity Provider portal so that the user profile details are shared with us at the time of user login as part of the SAML Response payload.

    User profile details that are needed for seamless user login are:

    • Email Address of the user
    • First Name of the user
    • Last Name of the user

    To configure these attributes, locate the Attribute Settings section on the SAML Configuration page of your Identity Provider’s application, and map the attributes with the attribute names exactly as shown in the image below.

    Attribute Mapping section in SSO Configuration Portal

    To finish the Service Provider section of the SAML configuration, you need to “Assign” the users who need access to this application.

    Find the User/Group assignment section in your Identity Provider application and select and assign all the required users or user groups that need access to this application via Single Sign-on.

  4. After you have completed the Service Provider configuration, you now need to configure the Identity Provider details in our SSO Configuration page.

    Depending on your Identity Provider, you can choose either of the below methods:

    • Automated Configuration (configuration via Metadata URL)
    • Manual Configuration (configuration via individual fields)

    Automated Configuration: if you supply the Identity Provider Metadata URL, our system will automatically fetch the configuration details required to complete the SAML SSO configuration, such as the Login URL, Identity Provider Entity ID, and X.509 Certificate.

    We will also periodically scan this URL to keep the configuration up to date in case any of this information changes in your Identity Provider, reducing the manual effort needed on your side.

    Locate and copy the Identity Provider Metadata URL from your Identity Provider’s application.

    Under Identity Provider Configuration, select Configure using Metadata URL, and paste it under Metadata URL on the SSO Configuration Portal.

    Paste Issuer URL on SSO Configuration Portal

    Manual Configuration:

    1. Choose the “Configure Manually” option in the “Identity Provider Configuration” section.
    2. Carefully copy the configuration details below from your Identity Provider and paste them in the appropriate fields:
      • Issuer (also referred to as Identity Provider Entity ID)
      • Sign-on URL (also referred to as SSO URL or Single Sign-on URL)
      • Signing Certificate (also referred to as X.509 certificate)
        • You can also upload the certificate file instead of copying the contents manually.
  5. To verify whether the SAML SSO configuration is completed correctly, click on Test Connection on the SSO Configuration Portal.

    If everything is done correctly, you will see a Success response as shown below.

    Test your SAML application for SSO configuration

    If there’s a misconfiguration, our test will identify the errors and will offer you a way to correct the configuration right on the screen.

  6. After you have successfully verified that the connection is configured correctly, you can enable the connection to let your users log in to this application via Single Sign-on.

    Click on Enable Connection.

    Enable Single Sign-on

    With this, we are done configuring your application for an SSO login setup.