SAML 2.0 SSO

Article author
Vera

Overview

AppFollow provides a Single Sign-On (SSO) option through a SAML 2.0 compliant implementation. AppFollow acts as the service provider (SP), and your internal SSO service acts as the identity provider (IdP).


Set up SAML 2.0

IdP configuration:

Configure these parameters in your IdP service:

  1. ACS URL: https://sso.appfollow.io/acs
  2. SP Entity ID: https://sso.appfollow.io/metadata/
  3. RelayState: the email associated with the AppFollow owner
  4. Additional SAML attributes configuration:
     • Email: user’s email
     • FirstName: user’s first name
     • LastName: user’s last name

After you configure the parameters above, your SSO service should generate your IdP URL, IdP Entity ID and X.509 public certificate.
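To check the IdP side before saving anything in AppFollow, the script below (an added example, not AppFollow's code) lints a decoded test SAML Response from your IdP against the values listed above. It assumes the IdP places the ACS URL in the Response's Destination attribute and the SP Entity ID in the Audience element, as is usual for SAML 2.0; the sample XML is constructed, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://sso.appfollow.io/acs"              # from this article
SP_ENTITY_ID = "https://sso.appfollow.io/metadata/"   # from this article
REQUIRED_ATTRS = ("Email", "FirstName", "LastName")   # from this article

def lint_response(xml_text):
    """Return a list of mismatches between a decoded SAML Response and the SP settings."""
    root = ET.fromstring(xml_text)  # only feed this output from your own IdP
    problems = []
    dest = root.get("Destination")
    if dest != ACS_URL:
        problems.append(f"Destination is {dest!r}, expected {ACS_URL!r}")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} lacks {SP_ENTITY_ID!r} (exact match, trailing slash included)")
    values = {}
    for attr in root.findall(".//saml:Attribute", NS):
        v = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in REQUIRED_ATTRS:  # attribute names are case-sensitive
        if not values.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    return problems

def sample(audience, last_name_attr):
    """Constructed test Response (unsigned, trimmed to the fields checked here)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in (("Email", "user@example.com"), ("FirstName", "Ada"), (last_name_attr, "Example")))
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{ACS_URL}"><saml:Assertion><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    # Misconfigured IdP: Entity ID without the trailing slash, surname under another name.
    for line in lint_response(sample("https://sso.appfollow.io/metadata", "Surname")):
        print("MISMATCH:", line)
    print("correct config:", lint_response(sample(SP_ENTITY_ID, "LastName")) or "no mismatches")
```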


I Can’t Configure the RelayState in My SSO Service

If your service doesn’t have a field for RelayState, you might have a field called “Target Url”. You can pass RelayState through it like this: https://sso.appfollow.io?email={{the email associated with AppFollow owner}}

Example of TargetUrl: https://sso.appfollow.io?email=owner@domain.com

In “Advanced settings”, you need to find the option “Send RelayState without URL encoding” and turn it on.


SP Configuration in AppFollow

Save the following parameters in the AppFollow SSO settings: https://watch.appfollow.io/settings/sso

  • Entity ID: your IdP Entity ID. If your service doesn’t provide an IdP Entity ID, copy the value of the IdP URL here.
  • SAML SSO URL: the IdP URL that was generated by your SSO service
  • Public Certificate: your X.509 certificate

You can only get these parameters after setting up your IdP.
