SAML
PropelAuth's SAML SSO support allows your end users to connect their organizations directly to however they manage employees internally.
As an example, let's say you have a customer “Acme Co”. Acme’s IT team uses OneLogin as their identity provider, meaning that all employees at the company have an account with OneLogin. New employees are onboarded to OneLogin and exiting employees are removed.
A SAML connection between your product and Acme allows Acme’s IT team to specify which users have access to your product. They could give everyone at the company access, specify teams like only the engineering team, or even pick specific people to give access.
SAML Setup Guide
We’re going to set up our PropelAuth Project to enable Acme Co to set up a SAML connection.
- On the dashboard for your project, click the “View Org Page” button under the Test Environment. When you click this, you are now viewing the organization management page for your product. In other words, you are now acting as if you were an employee at Acme Co. If you haven’t done it yet, you’ll need to sign up before you can view the org page.
- Click the Create Organization button.
- Write a name for the organization, and click Create Organization.
- Back in the project dashboard, under the Management section of your Project, select the Organizations tab, and click the edit icon for the organization for which you would like to enable SAML.
- On this page, click the Edit button on the top right.
- Toggle the Can Enable SAML option, and click Update.
- Now we can go back to being a user at Acme Co. Back on the page for the new Organization, click the Settings button, and click Enable SAML.
- Click the option for the SAML Identity Provider you would like to use.
- Follow the step-by-step instructions we have provided for the Identity Provider of choice.
As an employee of Acme Co, I was given step-by-step instructions on how to connect my IdP. I can then manage my employees' access to your product easily. As the implementor, all you have to do is enable SAML for their organization, and PropelAuth takes care of the rest.
SAML Example Use
Here’s an example where Acme gives a user access to Figma directly from OneLogin.
PropelAuth’s SAML support extends our hosted UIs with a full set of UIs to enable your users to set up SAML connections with you. Your users select the identity provider they use:
And then are guided through the process of setting up a SAML connection with step-by-step instructions:
Once the connection is set up, your users can test the connection to make sure it is working:
This SAML connection is tied to an organization, meaning that any user that logs in via Acme’s SAML connection will automatically be added to Acme’s organization.
Working with SAML
So far, we’ve seen that your users can set up a SAML connection and easily onboard/offboard their users to an organization within your product. But what do you need to do to interact with SAML?
Pretty much nothing - SAML is an implementation detail of how an organization manages their users within your product. Some organizations will set up SAML while others will use our other supported methods like inviting coworkers manually or allowing anyone with a matching email domain (e.g. @acme.com) to join. Any code you write that deals with organizations will work, regardless of the method that organization uses to manage its members.
Controlling who can set up SAML
With the click of a button, you can allow all of your organizations to set up SAML connections with you. However, you may not want that if you consider SAML to be an enterprise/paid feature.
You can select which organizations can use SAML either in your dashboard or programmatically via our APIs.
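If SAML is a paid feature, the per-organization "Can Enable SAML" setting has to follow the billing plan, including on downgrade. The sketch below is an added example, not PropelAuth's own code: the record fields (`org_id`, `plan`, `can_enable_saml`), the plan names, and the `set_can_enable_saml` callable are assumptions of this example; wire the callable to whichever PropelAuth API call you use to toggle the setting.

```python
from typing import Callable, Iterable

# Assumption: plan names are this example's own; only these plans include SAML.
SAML_PLANS = frozenset({"enterprise"})

# Constructed sample records (not real PropelAuth API output).
SAMPLE_ORGS = [
    {"org_id": "org_acme", "plan": "enterprise", "can_enable_saml": False},
    {"org_id": "org_beta", "plan": "free", "can_enable_saml": True},
    {"org_id": "org_gamma", "plan": "enterprise", "can_enable_saml": True},
    {"org_id": "org_delta", "plan": None, "can_enable_saml": True},
]


def plan_saml_changes(orgs: Iterable[dict]) -> list[tuple[str, bool]]:
    """Return (org_id, desired_flag) for each org whose setting disagrees
    with its plan. Unknown or missing plans fail closed (not entitled)."""
    changes = []
    for org in orgs:
        desired = org.get("plan") in SAML_PLANS
        current = bool(org.get("can_enable_saml", False))
        if desired != current:
            changes.append((org["org_id"], desired))
    # Stable sort puts revocations (False) first, so a run that stops
    # part-way has already removed access that is no longer paid for.
    return sorted(changes, key=lambda change: change[1])


def apply_saml_changes(
    changes: Iterable[tuple[str, bool]],
    set_can_enable_saml: Callable[[str, bool], None],
) -> list[str]:
    """Apply each change via the caller-supplied (hypothetical) function.
    Returns the org ids whose update failed so they can be retried."""
    failed = []
    for org_id, allowed in changes:
        try:
            set_can_enable_saml(org_id, allowed)
        except Exception:
            failed.append(org_id)
    return failed


if __name__ == "__main__":
    pending = plan_saml_changes(SAMPLE_ORGS)
    print(pending)
    print(apply_saml_changes(pending, lambda org_id, allowed: None))
```

Run it on a schedule or from your billing webhook, and alert on a non-empty failure list, since a failed revocation leaves an unentitled organization able to set up SAML.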