SAML SSO Overview
This section describes how you can enable SAML Single Sign-On (SSO) for your organization in ConfigCat.
SAML SSO allows your team members to sign up and log in to ConfigCat via their company accounts using your own Identity Provider (IdP).
Go to the Authentication Preferences page to set up SAML SSO. You need to be an organization admin to do this.
Prerequisites
- Verified domain
In order to configure SAML, you have to verify the ownership of the domain that your company uses for email addresses. This step is required because, at the beginning of the login process, we use the user's email domain to select the appropriate SAML Identity Provider. - Identity Provider that supports SAML 2.0
Configure a SAML Identity Provider
We tested and validated the following SAML Identity Providers:
info
Other Identity Providers might also work with ConfigCat, if they support the SAML 2.0 protocol.
Supported SAML flows
- Identity Provider initiated SSO
- Service Provider initiated SSO
SAML Requirements
These are the Identity Provider configuration requirements for ConfigCat:
- Name ID: ConfigCat only supports the email address in the
NameIDfield. - Signature algorithm: ConfigCat only supports the
RSA-SHA256signature algorithm.