Growth platform supports logging in through SAML SSO as well as creating and updating users through SAML SSO.
Using SAML SSO for login and user management is very convenient for users. They can log in securely and quickly using their existing credentials without the hassle of remembering yet another username and password.
In this article, you will find instructions about
Follow the steps for creating or modifying your SAML configuration:
Navigate to the Control > Users > Integrations > SAML 2
Click on "Add SAML2" to open the settings section.
Enabling SAML login for existing users
Copy the Identity Provider (IdP) SAML metadata to the “metadata” field (
yourplatformname.platform.co.nl/saml2/metadata
).Make sure the ‘legacy’ checkbox is disabled.
“Create unknown user” and “update existing user” can be kept unchecked.
Verify users that need to login with saml have a ‘saml_username’ field set manually or done by a user import integration. If not, please select 'email' at "saml_username field on platform" instead of the default saml_username.
Identify which field in the SAML login Response corresponds with the value in “saml_username” in Growth platform. This is usually the “NameId” or an attribute claim such as “email” or “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”.
Set the “saml_username” field to “NameId” or “claim” with the name of the attribute.
Creating and updating users through SAML.
To create and modify users through SAML, check the corresponding checkboxes.
Create unknown users: Users will be created if they do not exist.
Update existing user: Users will be updated with information from SAML when they log in.
Set the field mapping for the user fields to the corresponding SAML attribute claims. The following user fields in Growth platform can be set/updated:
Email address
First name
Last name
Contract start date (iso-8601 format)
Contract end date (iso-8601 format)
The value for these fields can come from the “NameId”, a SAML “attribute claim” or you can define a constant value that should be used. If the value is unavailable, choose ‘n/a’ as the source.
Assigning groups through SAML
To create and assign one or more groups through SAML, press the “Add” button below “Group Mapping”. Now fill in the fields:
Group_identifier is the value that should be used to identify this group, such as “store employee uniquely”. This will be used to find an existing group.
Group_i18n is the display name for the group. It will often be the same as the group_identifier.
Parent group identifier is the group that this group should be placed. It should be the entire group identifier of the parent group, such as “999-111-jobs” (including the numeric prefixes).
Group_type is the name of the group type for this group.