Follow the instructions below to learn how to configure SSO for the SAML 2.0 standard.
Configuring Custom Domains Before SAML Configuration
We highly recommend using Custom Domains to avoid third party cookie-issues and this recommendation is appies to both Embedded and Hosted login customers. Since it is very cumbersome to switch to a custom domain after you've gone live - and especially if you have active SSO connections - we encourage you to configure custom domains in your Production environment from the get-go. Learn more about Custom Domains.
Go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authentication ➜ SSO.
If you do not see SSO ➜ SAML in the sidebar, make sure it is enabled in that specific environment.
To configure SAML, you need to do the following:
The ACS URL will contain your domain followed by
/auth/saml/callback. We strongly encourage you to configure a custom domain in your Frontegg app before configuring your SAML connection, as it may require downtime to change it retroactively after configuring your SAML connection. Custom Domains are beneficial for a number of reasons, such as avoiding cookie issues and enhancing your brand. Learn more about Custom Domains.
If you opt not to configure a custom domain, use your
frontegg subdomain followed by
/auth/saml/callback for your ACS URL.
Customers use this value when they configure their identity provider. We recommend you use the name of your application for this field.
If you are using the Hosted login method, the Redirect URL should be https://[your-frontegg-domain].frontegg.com/oauth/account/saml/callback.
If you are using the Embedded Login method, the Redirect URL should be [your-application-url]/account/saml/callback, for example: http://localhost:3000/account/saml/callback.
After configuring SAML in the Frontegg Portal, you can allow your end users either to apply the SSO connection via the Self-service or apply the connection details from their IDP on their behalf, via the Backoffice ➜ Accounts ➜ Account ➜ Actions SSO ➜ Configurations.
For enabling the SSO tab in the Self-Service for your end users:
Admin portal integration
Make sure that you have integrated the Admin portal into your application as described in (doc:react-self-service).
After the SSO tab is enabled, your customers can follow the instructions for adding the details of the connection from the IDP - here.
For applying the SSO connection on behalf of your customers, you can use the Backoffice or do it by using our APIs.
Updated 3 months ago