SAML SSO Integration (Generic Identity Provider)

This guide explains how to set up Single Sign-On (SSO) in AutoRABIT with any Identity Provider (IdP) that supports SAML 2.0, such as SailPoint, Okta, Ping Identity, or others.

When you integrate AutoRABIT with a SAML 2.0 IdP, you can:

  • Control access to AutoRABIT through your IdP

  • Enable users to sign in to AutoRABIT with their IdP credentials

  • Manage user permissions centrally in your IdP

Prerequisites

To get started, you need the following:

  • An IdP that supports SAML 2.0

  • Administrator access to AutoRABIT and your IdP

  • The ability to configure a custom or non-gallery SAML application in your IdP

Step 1: Configure Your Identity Provider

Log in to your IdP management console and create a new custom SAML application. In the SAML configuration screen, use the following values:

  • Identifier (Entity ID): https://<your-instance-domain>/saml/metadata (Example: https://xyz.com/saml/metadata)

  • Reply URL (Assertion Consumer Service URL): https://<your-instance-domain>/saml/SSO (Example: https://xyz.com/saml/SSO)

  • Sign-on URL (optional): https://<your-instance-domain> (This is the secure login page of your AutoRABIT instance)

Once configured, locate and download the Federation Metadata XML or equivalent metadata file from your IdP.

Step 2: Configure SSO in AutoRABIT

  1. Log in to your AutoRABIT account as an administrator.

  2. Hover over the Admin module and select My Account.

  3. On the My Account page, scroll down to the SSO Configuration section.

  4. Upload the metadata XML file you downloaded from your IdP.

  5. Save your changes and sign out of your AutoRABIT account.

Step 3: Test SSO Access

  1. Go to the AutoRABIT login page.

  2. Click the Single Sign-On option.

  3. Enter your configured domain name and click Go.

  4. You will be redirected to your Identity Provider to authenticate.

  5. After successful authentication, you will be directed back to AutoRABIT.

Troubleshooting Tips

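  • Ensure that the system clocks on your IdP and AutoRABIT instance are synchronized. SAML assertions carry validity timestamps, so clock drift between the two can cause a valid login to be rejected.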

  • The user’s email in the IdP must match the user record in AutoRABIT.

  • If the login fails, check the SAML response using a browser plugin like SAML-tracer or review your IdP's activity logs.
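The checks above can be run against a captured response. This is an added example, not part of AutoRABIT's documentation or tooling. It takes the base64 SAMLResponse value copied from SAML-tracer and compares it with the Entity ID and Reply URL from Step 1, the assertion's validity window, and the user's email. The function name, the 120-second clock tolerance, the sample response, and the use of the Subject NameID as the email are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not from a real IdP); xyz.com is the guide's example domain.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://xyz.com/saml/SSO">
 <saml:Assertion>
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://xyz.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(value):
    # SAML timestamps are UTC, for example 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_saml_response(b64_response, domain, expected_email, now=None, skew_seconds=120):
    """Diagnostic only: lists mismatches, does not verify the XML signature."""
    now = now or datetime.now(timezone.utc)
    skew = timedelta(seconds=skew_seconds)  # assumed tolerance, not a documented value
    root = ET.fromstring(base64.b64decode(b64_response))
    acs = f"https://{domain}/saml/SSO"
    entity_id = f"https://{domain}/saml/metadata"
    findings = []
    if root.get("Destination") != acs:
        findings.append(f"Destination {root.get('Destination')!r} is not the Reply URL {acs!r}")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        findings.append(f"Audience {audiences} does not contain the Entity ID {entity_id!r}")
    cond = root.find(".//a:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < _ts(nb):
            findings.append(f"clock: assertion not valid until {nb}")
        if noa and now - skew >= _ts(noa):
            findings.append(f"clock: assertion expired at {noa}")
    # Assumption: the IdP sends the user's email as the Subject NameID
    name_id = (root.findtext(".//a:Subject/a:NameID", default="", namespaces=NS) or "").strip()
    if name_id != expected_email:
        findings.append(f"NameID {name_id!r} does not match the expected email {expected_email!r}")
    return findings
```

An empty list means none of the three troubleshooting conditions was detected; each finding names the field to correct in the IdP application or the AutoRABIT user record.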
