You can find a step-by-step guide on some of the most common Identity Providers below. Don’t worry if you can’t find instructions for your IdP, it’ll work as long as it’s compliant with SAML 2.0.
When setting up SAML SSO in your IdP, please pay attention to the following:
- The NameID attribute needs to be a static and persistent value that will not change between users sessions — this is the value that identifies a user. On hosted IdPs, this is usual the case by default. If you are using a self-hosted IdP (like KeyCloak) please ensure this is configured correctly.
- EntityID: Enter the value you got in the first step. This is a unique value for your Workspace. Your IdP may also call it SP Entity ID, or Audience.
- ACS URL: Enter the value you got in the first step. This is a unique URL for your Workspace. Your IdP may also refer to it as SSO URL, Reply URL or Consumer URL.
- Attributes. Make sure you have the following SAML attributes created and mapped to those in your IdP that hold that information:
email
- at least one of these two:
first_name
and/orsurname
.