- 1. Create a SAML App
- Set Up Attribute Mapping
- Okta specific instructions
- OneLogin specific instructions
- Google SAML specific instructions
- 2. Provide Us With Your SAML Metadata
1. Create a SAML App
connection_id
that you will use for your connection setup. You will need the following info:
SSO URL:
https://auth.safebase.io/login/callback?connection=connection_id
- Note: replace connection_id with the value that we will provide to you. Ex. SafeBase's SSO URL looks like
https://auth.safebase.io/login/callback?connection=safebase-saml
Audience URI (SP Entity ID):
urn:auth0:safebase:connection_id
- So for the example above, the Audience URI would be
urn:auth0:safebase:safebase-saml
If your IdP supports direct metadata import, use this URL:
https://auth.safebase.io/samlp/metadata?connection=connection_id
- For the example above, the direct metadata import URL would be
https://auth.safebase.io/samlp/metadata?connection=safebase-saml
Set Up Attribute Mapping
Please map the following attributes:
- First name → firstName
- Last name → lastName
- Email → email
- Identifier/Login → id
Okta specific instructions
In Okta, your configuration should look like this (with the {connection_id} replaced with the value we provided):
OneLogin specific instructions
ACS (Consumer) URL: The SSO URL specified above.
Relay State: https://app.safebase.io/api/auth/login?returnTo=%2Fdashboard
Audience: The Audience URI specified above.
Recipient: The SSO URL specified above.
ACS (Consumer) URL Validator: ^https:\/\/app\.safebase\.io
Login URL: https://app.safebase.io
Be sure to add custom attributes:
OneLogin field → Field that SafeBase is expecting
- Email → email
- First Name → firstName
- Last Name → lastName
- Username → id
Google SAML specific instructions
ACS URL: The SSO URL specified above.
Entity ID: The Audience URI specified above.
Start URL: Leave this blank.
Attribute Mapping (Should all be in Basic Information):
- Note: From our experience Google SAML can be buggy at times. You may encounter errors such as “403: Not a SaaS application” or “Could not save SafeBase as an app.” We’ve found that waiting a few hours usually auto resolves these issues without any action on your end.
2. Provide Us With Your SAML Metadata
Send us a copy of your SAML metadata so we can complete the SAML setup on our end.
- Note that if you use Azure AD, the certificate may not be in the metadata. If this is the case, please continue below.
You can find it by clicking on "View Setup Instructions" if you are using Okta.
If you are unable to export the metadata from your IdP, please provide the following:
- IdP SSO URL
- X.509 Certificate
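
Before sending the metadata, you can check locally that it contains both items listed above. The following is an added example, not SafeBase tooling: the function name `inspect_idp_metadata`, the sample XML and the `idp.example.com` host are constructed for illustration. It parses an exported IdP metadata file and reports whether the SSO URL or the signing certificate is missing, which is the Azure AD case noted above.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 metadata and XML-DSig namespaces.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: IdP metadata with an SSO endpoint but no KeyDescriptor.
# idp.example.com is a placeholder, not a real IdP.
SAMPLE_NO_CERT = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/entity">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_idp_metadata(xml_text):
    """Collect the IdP SSO URLs and signing certificates found in SAML metadata."""
    result = {"sso_urls": [], "certificates": [], "missing": [], "warnings": []}
    idp = ET.fromstring(xml_text).find(".//md:IDPSSODescriptor", NS)
    if idp is not None:
        for sso in idp.findall("md:SingleSignOnService", NS):
            location = sso.get("Location")
            if location:
                result["sso_urls"].append(location)
        for key in idp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor with no "use" attribute covers signing as well.
            if key.get("use") in (None, "signing"):
                for cert in key.findall(".//ds:X509Certificate", NS):
                    # Strip line breaks so the base64 body is one string.
                    result["certificates"].append("".join((cert.text or "").split()))
    if not result["sso_urls"]:
        result["missing"].append("IdP SSO URL")
    if not result["certificates"]:
        result["missing"].append("X.509 Certificate")
    for url in result["sso_urls"]:
        if not url.startswith("https://"):
            result["warnings"].append("SSO URL is not HTTPS: " + url)
    return result


if __name__ == "__main__":
    report = inspect_idp_metadata(SAMPLE_NO_CERT)
    print("Missing from metadata:", report["missing"] or "nothing")
```

If anything is reported as missing, send that item separately along with the metadata.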