Basic SAML Setup

identity provider type general this indicates that your software is looking for general saml configuration okta, azure ad, ping, etc are identity providers (idp) that supports saml, so you can select a relevant type here if your software provides specific option identity provider name this is a descriptive name for your identity provider you can input \<sso provider name> (i e "okta", "ping", "google", etc ) or any other identifier that makes sense for your environment idp entity id or issuer idp entity id this is a unique identifier for your sso instance you can find this in the metadata xml file provided by your sso provider, typically in the tag with the entityid attribute issuer this value can also be found in the metadata under the tag saml login url single sign on url this is the url where saml authentication requests should be sent in your sso provider, you’ll find this in the metadata xml file under the tag with the binding="http redirect" attribute saml logout url single logout url this is optional depending on whether your application supports single logout if supported, you can find the logout url in the metadata file under the tag x 509 certificate certificate this is used to sign the saml assertions and ensure the response is coming from a trusted source you can find this in the metadata file within the tags you need to copy the entire certificate (including the begin certificate and end certificate lines) and paste it into this field character encoding ensure this is checked if your application requires encoding to properly read the certificate format this is often necessary to avoid issues with certificate parsing these items will fully enable auto user provisioning through sso and updating however "bi directional" sso delete is not yet included in the application i e when a user loses access in the 3rd party sso the user will stay active for a period of time before they will be listed as deactivated within the application software