
As an example, let’s say you have a customer “Acme Co”. Acme’s IT team uses OneLogin as their identity provider, meaning that all employees at the company have an account with OneLogin. New employees are onboarded to OneLogin and exiting employees are removed.

A SAML connection between your product and Acme allows Acme’s IT team to specify which users have access to your product. They could give everyone at the company access, limit access to specific teams such as the engineering team, or even pick specific people to give access to.

SAML Setup Guide

We’re going to set up our PropelAuth Project to enable Acme Co to set up a SAML connection.

  1. On the dashboard for your project, click the “View Org Page” button under the Test Environment. When you click this, you are now viewing the organization management page for your product. In other words, you are now acting as if you were an employee at Acme Co. If you haven’t done it yet, you’ll need to sign up before you can view the org page.

dashboard

  2. Click the Create Organization button.

create organization

  3. Write a name for the organization, and click Create Organization.

organization name

  4. Back in the project dashboard, under the Management section of your Project, select the Organizations tab, and click the edit icon for the organization for which you would like to enable SAML.

organization settings

  5. On this page, click the Edit button on the top right.

edit organization

  6. Toggle the Can Enable SAML option, and click Update.

enable saml

  7. Now we can go back to being a user at Acme Co. Back on the page for the new Organization, click the Settings button, and click Enable SAML.

enable saml

  8. Click the option for the SAML Identity Provider you would like to use.

choose identity provider

  9. Follow the step-by-step instructions we have provided for the Identity Provider of choice.

follow IDP instructions

As an employee of Acme Co, I was given step-by-step instructions on how to connect my IDP. I can then manage my employees’ access to your product easily. As the implementor, all you have to do is enable SAML for their organization, and PropelAuth takes care of the rest.

SAML Example Use

Here’s an example where Acme gives a user access to Figma directly from OneLogin.

user being added to figma

PropelAuth’s SAML support extends our hosted UIs with a full set of UIs to enable your users to set up SAML connections with you. Your users select the identity provider they use:

user selecting an IDP

And then are guided through the process of setting up a SAML connection with step-by-step instructions:

saml wizard

Once the connection is set up, your users can test the connection to make sure it is working:

testing a saml connection

This SAML connection is tied to an organization, meaning that any user that logs in via Acme’s SAML connection will automatically be added to Acme’s organization.

Working with SAML

So far, we’ve seen that your users can set up a SAML connection and easily onboard/offboard their users to an organization within your product. But what do you need to do to interact with SAML?

Pretty much nothing - SAML is an implementation detail of how an organization manages their users within your product. Some organizations will set up SAML while others will use our other supported methods like inviting coworkers manually or allowing anyone with a matching email domain (e.g. @acme.com) to join. Any code you write that deals with organizations will work, regardless of the method that organization uses to manage its members.

Controlling who can set up SAML

With the click of a button, you can allow all of your organizations to set up SAML connections with you. However, you may not want that if you consider SAML to be an enterprise/paid feature.

You can select which organizations can use SAML either in your dashboard or programmatically via our APIs.