Configure SSO/SAML for your organization

This guide provides step-by-step instructions for configuring Single Sign-On (SSO) using SAML in your organization. Follow these instructions to ensure a secure and seamless setup, regardless of your Identity Provider (IdP).

1

Open the SSO/SAML configuration page

From Spexi World, navigate to Settings [⚙️], then SSO/SAML Configuration.

2

Configure SSO/SAML configuration detials

  • Create a new SAML application in your IdP (e.g., Microsoft Entra, Google Workspace, Okta, OneLogin, Ping Identity, etc.).

  • Enter the following details from your IdP:

    • Entity ID: Copy and paste the Entity ID from your IdP.

      • Example: https://accounts.google.com/o/saml2?idpid=C02so64kf

    • Entry Point URL: Enter the authentication request URL provided by your IdP.

      • Example: https://accounts.google.com/o/saml2/idp?idpid=C02so64kf

    • Certificate: Upload the X.509 certificate provided by your IdP (leave blank to retain the current one).

      • Certificates are used for secure authentication between your application and the IdP.

3

Configure attribute mappings

Map user attributes from your IdP to the corresponding fields in Spexi:

  • First Name → firstName

  • Last Name → lastName

Click Add Attribute Mapping for additional attributes.

4

Add authorized domains

Enter the domains allowed to use SSO:

  • spexi.com

  • spexigeo.com

To remove a domain, click Remove next to it.

5

Enable and test configuration

Test things out before enabling SSO for all users:

  • Enable Test Mode.

  • Use a test email: sso://[email protected]

  • Attempt to login and verify SSO is working.

circle-exclamation
6

Configure your identity provider (IdP)

  • Configure the following settings in your IdP:

    • Assertion Consumer Service (ACS) URL

    • Entity ID

  • Follow your IdP’s setup guide to configure a new SAML application using the provided ACS URL and Entity ID.

7

Finalize your configuration

  • Click Update SSO Config to save changes.

  • Disable Test Mode once setup is confirmed to apply SSO to all users.

Troubleshooting Guide

Login Issues

  • Verify that ACS URL and Entity ID match the IdP settings.

  • Check that the certificate is correctly uploaded.

Attribute Mapping Errors

  • Ensure attribute names match exactly between IdP and Spexi.

Domain Authorization Errors

  • Ensure all required domains are listed in the Domains section.

Need help? If you encounter issues, refer to your Identity Provider documentation or contact Spexi Support for assistance.

Last updated