All Collections
Integrations
SSO
SSO Integration: A Custom SAML Provider
SSO Integration: A Custom SAML Provider

We can integrate with any SAML provider. This article lists the required settings and parameters.

Michael Wallace avatar
Written by Michael Wallace
Updated over a week ago

Apart from OneLogin and Okta, itโ€™s possible to setup a custom SAML IDP for your employee data. Here are the IDP configuration settings:

  • RelayState: plusplus_saml

  • Service Provider Entity ID / Audience: https://www.plusplus.co

  • ACS URL: https://{{ your_plusplus_domain_url }}/auth/complete/saml/

  • Recipient: https://{{ your_plusplus_domain_url }}/auth/complete/saml/

  • Signature Algorithm: SHA-1

  • NameID: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

  • RequestedAuthnContext Comparison: exact

  • RequestedAuthnContext AuthnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

  • Signing method: Signed responses/messages (not assertions)

  1. Go to Menu โ‡’ Settings โ‡’ Security

  2. Within the Single Sign On (SSO) section, enable Custom SAML Login Provider

  3. Within the SAML Settings section, configure the SAML parameters:

    1. Issuer URL

    2. SAML endpoint

    3. X.509 certificate

    4. Email field

    5. First name field

    6. Last name field

    7. Picture field (optional)

    8. Authentication context classes

    9. Authentication context comparison

    10. Login button label (optional)

    11. Login button color (optional)

The settings panel looks like this:

Did this answer your question?