Make sure you enter the correct domain name in the Login URL setting. For example, if your employee email is email@example.com, then your Login URL will be https://app.rudderstack.com/sso?domain=example.com.
From the dropdown, select the SAML initiator and SAML nameID format fields as shown:
Configure the other SAML settings related to the assertion validity, encryption method, etc. as per your organizational requirements.
Next, go to the Parameters tab and add the custom parameters as shown below:
The custom parameters and their values are listed in the following table:
For the LastName custom attribute, you can specify a single field, Name, which determines how your employees appear in the RudderStack web app.
To add any other custom parameter, click the + button, enter the Field name, and select the value from the dropdown:
Make sure you enable (tick) the Include in SAML assertion flag for each custom parameter.
Click Save to save the configuration.
Go to the SSO tab of your app and copy the Issuer URL:
The Issuer URL is the SAML metadata endpoint that contains the certificate and any other information required to enable SSO for your organization.
Share this Issuer URL with the RudderStack team.
Debugging SSO issues
An SSO login can sometimes fail for some users. In such cases, the RudderStack team requires a HAR (HTTP Archive) file to inspect the requests and identify any SSO-related issues.
A HAR file is a log of exported network requests from the user’s browser. See the HAR Analyzer guide for steps on generating this file depending on your browser.
Once you generate the HAR file, share it with the RudderStack team to troubleshoot the issue.
Note the following before capturing your HAR file:
Start from https://app.rudderstack.com/sso with a clean session, preferably in incognito mode of your browser.
Complete the SSO flow until the step where you face an error.
Your HAR file might contain sensitive data - make sure to redact it using a text editor before sharing it with the team.
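A scripted alternative to hand-editing the capture is sketched below as an added example; it is not RudderStack tooling. It masks cookies, credential headers, and SAML form fields in a HAR file. The lists of sensitive names, the mask string, and the sample capture are assumptions made for illustration.

```python
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name lists (not from the RudderStack docs); extend for your IdP.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}
SENSITIVE_PARAMS = {"samlresponse", "samlrequest", "relaystate", "password", "code", "id_token"}
MASK = "REDACTED"

def _mask_pairs(pairs, sensitive):
    """Mask the value of each HAR name/value pair whose name is sensitive."""
    for pair in pairs or []:
        if pair.get("name", "").lower() in sensitive:
            pair["value"] = MASK

def _mask_url(url):
    """Mask sensitive query parameters embedded in the request URL itself."""
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def redact_har(har):
    """Return a redacted deep copy of a parsed HAR document."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        if "url" in req:
            req["url"] = _mask_url(req["url"])
        _mask_pairs(req.get("queryString"), SENSITIVE_PARAMS)
        for msg in (req, resp):
            _mask_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            for cookie in msg.get("cookies") or []:  # keep names, drop values
                cookie["value"] = MASK
        for body in (req.get("postData") or {}, resp.get("content") or {}):
            _mask_pairs(body.get("params"), SENSITIVE_PARAMS)
            if "text" in body:  # raw bodies repeat form fields or embed tokens
                body["text"] = MASK
    return har

# Constructed sample: one SAML POST to a made-up endpoint; every value is invented.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "POST", "url": "https://sp.example.test/acs?domain=example.com&code=abc123",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}], "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "code", "value": "abc123"}],
                "postData": {"text": "SAMLResponse=PHNhbWw%2B", "params": [{"name": "SAMLResponse", "value": "PHNhbWw+"}]}},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w"}], "cookies": [], "content": {"text": "<html>"}}}]}}

if __name__ == "__main__":
    print(json.dumps(redact_har(SAMPLE_HAR), indent=2))
```

Review the output before sharing it: values can also appear in places this sketch does not rewrite, such as Referer or Location headers.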