Connect SAML

Learn how to configure a new Generic SAML SSO Connection

Introduction

Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a Generic SAML Connection, you'll need four pieces of information: an ACS URL, an IdP URI (also known as an Entity ID), an IdP SSO URL, and an X.509 Certificate.

WorkOS Provides

WorkOS provides the ACS URL. It's readily available in your Connection's Settings in the Developer Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to.

Configuring Generic SAML

And then, you provide the IdP URI (Entity ID), IdP SSO URL, as well as the X.509 Certificate.

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their Identity Provider admin dashboard. But, should that not be the case during your setup, here's how to obtain them.

1
Obtain Identify Provider Details

Copy and Paste the "IdP SSO URL" and "IdP URI (Entity ID)" into the corresponding Connection fields in your WorkOS Developer Dashboard. Then download the corresponding X.509 Certificate, and save it to your preferred directory.

2
Enter Service Provider Details

Copy and Paste the "ACS" URL into the corresponding fields for Service Provider details and configuration.

3
Upload Certificate

Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be verified and good to go!