Sign in

Connect SAML

Learn how to configure a new Generic SAML SSO Connection


Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a Generic SAML Connection, you'll need four pieces of information: an ACS URL, an IdP URI (also known as an Entity ID), an IdP SSO URL, and an X.509 Certificate.

Start by logging in to your WorkOS dashboard and browse to the 'Organizations' tab on the left hand navigation bar.

Select the organization you wish to configure a Generic SAML Connection for, and Add a Connection under 'Single Sign-On Connections'.

You'll be prompted to enter the Organization's Domain and Company Name and additionally you'll want to select "Generic SAML" from the Identify Provider dropdown. Once this is filled out, click "Create Connection".

WorkOS ProvidesLink

Once you've created your connection, WorkOS provides the ACS URL. It's readily available in your Connection's Settings in the Developer Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to.


And then, you provide the IdP URI (Entity ID), IdP SSO URL, as well as the X.509 Certificate.

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their Identity Provider admin dashboard. But, should that not be the case during your setup, here's how to obtain them.

Obtain Identity Provider DetailsLink

Copy and Paste the "IdP SSO URL" and "IdP URI (Entity ID)" into the corresponding Connection fields in your WorkOS Developer Dashboard. Then download the corresponding X.509 Certificate, and save it to your preferred directory.

Enter Service Provider DetailsLink

Copy and Paste the "ACS" URL into the corresponding fields for Service Provider details and configuration.

Upload CertificateLink

Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be verified and good to go!