search
Ctrlk

Configure SSO/SAML for your organization

This guide provides step-by-step instructions for configuring Single Sign-On (SSO) using SAML in your organization. Follow these instructions to ensure a secure and seamless setup, regardless of your Identity Provider (IdP).

1

hashtag
Open the SSO/SAML configuration page

From Spexi World, navigate to Settings [⚙️], then SSO/SAML Configuration.

2

hashtag
Configure SSO/SAML configuration detials

  • Create a new SAML application in your IdP (e.g., Microsoft Entra, Google Workspace, Okta, OneLogin, Ping Identity, etc.).

  • Enter the following details from your IdP:

    • Entity ID: Copy and paste the Entity ID from your IdP.

      • Example: https://accounts.google.com/o/saml2?idpid=C02so64kf

    • Entry Point URL: Enter the authentication request URL provided by your IdP.

      • Example: https://accounts.google.com/o/saml2/idp?idpid=C02so64kf

    • Certificate: Upload the X.509 certificate provided by your IdP (leave blank to retain the current one).

      • Certificates are used for secure authentication between your application and the IdP.

3

hashtag
Configure attribute mappings

Map user attributes from your IdP to the corresponding fields in Spexi:

  • First Name → firstName

  • Last Name → lastName

Click Add Attribute Mapping for additional attributes.

4

hashtag
Add authorized domains

Enter the domains allowed to use SSO:

  • spexi.com

  • spexigeo.com

To remove a domain, click Remove next to it.

5

hashtag
Enable and test configuration

Test things out before enabling SSO for all users:

  • Enable Test Mode.

  • Use a test email: sso://[email protected]

  • Attempt to login and verify SSO is working.

circle-exclamation

If Test Mode is disabled without a valid setup, users may lose access!

6

hashtag
Configure your identity provider (IdP)

  • Configure the following settings in your IdP:

    • Assertion Consumer Service (ACS) URL

    • Entity ID

  • Follow your IdP’s setup guide to configure a new SAML application using the provided ACS URL and Entity ID.

7

hashtag
Finalize your configuration

  • Click Update SSO Config to save changes.

  • Disable Test Mode once setup is confirmed to apply SSO to all users.

hashtag
Troubleshooting Guide

Login Issues

  • Verify that ACS URL and Entity ID match the IdP settings.

  • Check that the certificate is correctly uploaded.

Attribute Mapping Errors

  • Ensure attribute names match exactly between IdP and Spexi.

Domain Authorization Errors

  • Ensure all required domains are listed in the Domains section.

hashtag
Need help? If you encounter issues, refer to your Identity Provider documentation or contact Spexi Support for assistance.

Last updated