Apart from OneLogin and Okta, it's possible to set up a custom SAML IdP for your employee data. Here are the IdP configuration settings:

  • RelayState: plusplus_saml

  • Service Provider Entity ID / Audience: https://www.plusplus.co

  • ACS URL: https://{{ your_plusplus_domain_url }}/auth/complete/saml/

  • Recipient: https://{{ your_plusplus_domain_url }}/auth/complete/saml/

  • Signature Algorithm: SHA-1

  • NameID: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

  • RequestedAuthnContext Comparison: exact

  • RequestedAuthnContext AuthnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

  • Signing method: Signed responses/messages (not assertions)
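To confirm that an IdP is emitting what the settings above describe, the following added example (not PlusPlus code) inspects a base64-decoded SAMLResponse for the ACS URL/Recipient, Audience, NameID format and response-level signature. The domain `yourcompany.example`, the function names and the sample message are constructed for illustration, and "SHA-1" is assumed to refer to the XML-DSig SignatureMethod.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://yourcompany.example/auth/complete/saml/"  # constructed placeholder domain
AUDIENCE = "https://www.plusplus.co"
NAMEID_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def check_response(xml_text, acs=ACS):
    """List mismatches with the IdP settings. Structural only: no cryptographic verification."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:
        problems.append("Response Destination is not the ACS URL")
    # Signing method: ds:Signature must be a direct child of samlp:Response
    sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("Response (message) is not signed")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        # Assumption: SHA-1 signature URIs (rsa-sha1, dsa-sha1, ecdsa-sha1) end in "sha1"
        if method is None or not method.get("Algorithm", "").endswith("sha1"):
            problems.append("SignatureMethod is not SHA-1 based")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient is not the ACS URL")
    aud = root.find(".//saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != AUDIENCE:
        problems.append("Audience is not the SP entity ID")
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != NAMEID_FMT:
        problems.append("NameID Format is not 'unspecified'")
    return problems

def sample(acs=ACS, sign_response=True):
    """Constructed minimal response (placeholder signature value, not a real IdP message)."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm='
           '"http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo>'
           '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
    assertion = (f'<saml:Assertion>{"" if sign_response else sig}<saml:Subject>'
                 f'<saml:NameID Format="{NAMEID_FMT}">user@yourcompany.example</saml:NameID>'
                 f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/>'
                 '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
                 f'<saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>'
                 '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<samlp:Response {xmlns} Destination="{acs}">'
            f'{sig if sign_response else ""}{assertion}</samlp:Response>')
```

Run `check_response` on a response captured from a test login against your own IdP; when parsing XML from sources you do not control, use a hardened parser such as `defusedxml`.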

  1. Go to Menu ⇒ Settings ⇒ Security

  2. Within the Single Sign On (SSO) section, enable Custom SAML Login Provider

  3. Within the SAML Settings section, configure the SAML parameters:

    1. Issuer URL

    2. SAML endpoint

    3. X.509 certificate

    4. Email field

    5. First name field

    6. Last name field

    7. Picture field (optional)

    8. Authentication context classes

    9. Authentication context comparison

    10. Login button label (optional)

    11. Login button color (optional)

The settings panel looks like this:
