Overview
AppFollow supports Single Sign-On through SAML 2.0. AppFollow acts as the service provider (SP), and your internal SSO service acts as the identity provider (IdP).
Set up SAML 2.0
IdP configuration:
Configure these parameters in your IdP service:
- ACS URL: https://sso.appfollow.io/acs
- SP Entity ID: https://sso.appfollow.io/metadata/
- RelayState: the email associated with the AppFollow owner
- Additional SAML attributes configuration:
  - Email: user's email
  - FirstName: user’s first name
  - LastName: user’s last name
After you configure the parameters above, your SSO service should generate your IdP URL, IdP Entity ID and X.509 Public Certificate.
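One way to check a test login against the parameters above, as an added example that is not AppFollow's code: it lints a base64-decoded SAML Response for the Recipient, the Audience and the three attributes. The sample responses are constructed, and the exact, case-sensitive matching of the entity ID and attribute names is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Values taken from the IdP configuration list on this page.
ACS_URL = "https://sso.appfollow.io/acs"
SP_ENTITY_ID = "https://sso.appfollow.io/metadata/"
REQUIRED_ATTRIBUTES = ("Email", "FirstName", "LastName")
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def lint_saml_response(xml_text):
    """Configuration lint for a decoded SAML Response; does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient")
                  for e in root.findall(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} does not include {ACS_URL}")
    # Exact string match (assumption), so a dropped trailing slash is reported.
    audiences = [(e.text or "").strip() for e in root.findall(".//saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not include {SP_ENTITY_ID}")
    for name in REQUIRED_ATTRIBUTES:
        value = root.find(f".//saml:Attribute[@Name='{name}']/saml:AttributeValue", NS)
        if value is None or not (value.text or "").strip():
            problems.append(f"attribute {name} is missing or empty")
    return problems

def constructed_response(audience, attributes):
    """Build a minimal, unsigned SAML Response for the demo (constructed sample)."""
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f"</saml:Attribute>" for k, v in attributes.items())
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        "<saml:Assertion><saml:Subject><saml:SubjectConfirmation>"
        f'<saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}"
        "</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    good = constructed_response(SP_ENTITY_ID, {"Email": "owner@domain.com",
                                               "FirstName": "Ada", "LastName": "Lovelace"})
    bad = constructed_response("https://sso.appfollow.io/metadata",
                               {"Email": "owner@domain.com", "firstName": "Ada"})
    print(lint_saml_response(good))
    print(lint_saml_response(bad))
```

Run it only on responses captured from your own IdP test login, for example with a browser SAML tracing extension.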
I Can’t Configure the RelayState in My SSO Service
If your service doesn’t have a field for RelayState, you might have a field called “Target Url”. You can pass RelayState through it like this: https://sso.appfollow.io?email={{the email associated with AppFollow owner}}
Example of TargetUrl: https://sso.appfollow.io?email=owner@domain.com
In “Advanced settings”, you need to find the option “Send RelayState without URL encoding” and turn it on.
SP Configuration in AppFollow
Save the following parameters in the AppFollow SSO settings: https://watch.appfollow.io/settings/sso
- Entity ID: the IdP Entity ID. If your service doesn’t provide an IdP Entity ID, copy the value of the IdP URL here.
- SAML SSO URL: IdP URL that was generated by your SSO service
- Public Certificate: your X.509 certificate