Skip to main content
Authsignal supports SAML 2.0 single sign-on (SSO) for the Admin Portal, allowing you to federate authentication to your organization’s identity provider.

Configuration

From the top right menu, navigate to Organization settings > SSO to access your SAML 2.0 configuration.
SSO settings page

Import from metadata

If your identity provider provides a metadata XML file, you can automatically populate your SSO configuration.
Import metadata modal
  1. Click Import from METADATA.xml
  2. Enter your identity provider’s metadata URL
  3. Click Import Metadata

Manual configuration

Alternatively, you can manually configure SSO by following these steps:
1

Get your service provider details

You’ll need the following values to configure SSO in your identity provider:
SP and ACS
Service provider (SP) entity IDThis is the unique identifier for Authsignal as a service provider. This value is unique to your tenant and can be found in the SSO settings page. Use this value when setting up SSO in your IdP.ACS URLThe Assertion Consumer Service URL is where your identity provider will send SAML responses. This value can be found in the SSO settings page. Use this value for the Assertion Consumer Service URL in your IdP.
2

Configure your identity provider

Configure SAML 2.0 in your identity provider using the service provider details above.Key configuration requirements:
  • Entity ID / Audience: Use the SP Entity ID
  • ACS URL / Reply URL: Use the ACS URL
  • Name ID format: Email address
  • Name ID value: User’s email address
The specific configuration steps will vary depending on your identity provider. See your IdP’s documentation for detailed instructions on adding a SAML application.
3

Configure Authsignal

Once you’ve configured your identity provider, provide the following information in the Authsignal admin portal:Identity provider (IdP) entity IDYour identity provider’s generated entity ID. This is typically a URL that uniquely identifies your IdP.Identity provider (IdP) SSO target URLYour identity provider’s SSO target URL that will receive SAML requests. This is sometimes called the “Single Sign-On URL” or “SAML 2.0 Endpoint”.Identity provider (IdP) public x509 certificateYour identity provider’s public x509 certificate used to verify SAML responses.

Enable single sign-on

Once you’ve configured your SSO settings (either via metadata import or manual configuration), enable the Enable Single Sign On (SAML 2.0) toggle to activate SSO.
Enable single sign-on toggle
When enabled, all admin portal sign-ins will be redirected to your identity provider and team members will no longer be able to sign in using their Authsignal password. When disabled, team members can sign in using their Authsignal credentials.