search
Ctrlk

πŸ” SAML Single Sign-On (SSO)

Our application supports SAML-based Single Sign-On (SSO) to help organizations centrally manage user authentication through their Identity Provider (IdP), such as Okta, Azure AD, or Google Workspace.

hashtag
⚠️ Important Note About Login Options

By default, we use Google OAuth to authenticate users. However, once SAML is enabled, Google Sign-In will be disabled. All users in your organization will be required to log in using your configured SAML Identity Provider.

hashtag
1. Enable SAML in Your Admin Console

In your admin settings:

  • Navigate to the Authentication section.

  • Enable the SAML Enabled toggle.

  • Fill the SAML Metadata of your Identity Provider.

  • Save the configuration.

πŸ“Œ Your metadata XML typically starts with:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="http://www.okta.com/..."
SAML Metadata is required

hashtag
2. Obtain our Service Provider (SP) Metadata

You will need the service metadata to configure our service within your Identity Provider. To obtain it, on the same page, click on the Service Provider Metadata button. You should see a modal with the following information

  • Entity ID

  • ACS (Assertion Consumer Service) URL

  • NameID Format

The values here are an example from our sandbox environment

Use this information to configure a new SAML application in your IdP.

hashtag
βœ… Finalize and Test

Once configured:

  • Test logging in via your Identity Provider. To do so, click on Sign in with SSO button.

    • Sign in with Google will not work anymore, unless you disable SAML.

    • SSO must be used on the Web version and on the Admin too.

  • Ensure user accounts match by email address (as per NameID format).

If you encounter any issues, feel free to reach out to our support team for assistance.

Buttons for login

hashtag
πŸ‘₯ Optional: SCIM for User Provisioning

We also support SCIM (System for Cross-domain Identity Management) to allow automated provisioning and deprovisioning of users from your Identity Provider.

With SCIM, you can:

  • Automatically create users in our platform when they're assigned access in your IdP.

  • Automatically deactivate users when they're unassigned or removed in your IdP.

  • Sync user attributes like name, email, and groups.

To enable SCIM:

  1. For now we only support Bearer Token authentication that must be configured on the Admin.

  2. The base be obtained by cliking on the SCIM Endpoint button.

  3. Configure your Identity Provider (Okta, Azure AD, etc.) with the provided SCIM endpoint and token.

  4. Set up attribute mappings as needed.

πŸ“Œ SCIM is optional but highly recommended for teams managing users at scale.

PreviousArcwise setupNextUser & Role Management

Last updated