Documentation

SAML SSO (Security Assertion Markup Language Single Sign-On) - is an open standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP), enabling Single Sign-On (SSO) without sharing passwords.

{% docs-informer info %}

Improvado supports:

• ‍SAML 1.0
• ‍SAML 2.0
• Shibboleth (SAML-based identity provider). Learn more about Shibboleth support here.

{% docs-informer-end %}

How to Set up Single Sign-On via SAML

Step 1. Ensure the Whitelabel for your Improvado account is already set up.

Step 2. Please provide the following credentials to your Customer Success Manager via Keeper's One-Time Share feature:

1. IdP SSO and SLO URLs

Provide the URLs for Single Sign-On (SSO) and Single Logout (SLO) services from your Identity Provider.

2. Public PEM Certificate

Share the public PEM certificate used for encryption on the IdP side. This certificate is essential for securing authentication and authorization data.

3. Signing & Encryption Settings

Specify the security configurations, including:

• Whether authentication requests/responses should be signed and/or encrypted.
• Any specific signing or encryption algorithms required.

4. Test User Credentials (Optional)

If possible, provide a test user credential from the IdP side for debugging and troubleshooting purposes during the integration process.

5. Unique User Identifier

Specify which field should be used as the unique identifier for users. Options include:

• Email
• NameID
• Any other user-specific unique identifier supported by your identity provider

Step 3. If everything was set up correctly, you should see the Sign In with SAML button on the Improvado Login page:

How to Allow Users to Log In via SAML SSO

To allow users to log in to Improvado UI via SAML SSO, the workspace admin should invite the user using the Email, NameID or any other user-specific unique identifier supported by your identity provider that looks like ```email@domain.com``` (e.g., ```user@improvado.io```). Learn more about invites here: How to invite users to a workspace | Docs.

Shibboleth SSO

Improvado supports Shibboleth-based authentication, enabling organizations to implement secure SSO using this SAML-compliant identity solution. Our platform maintains full compatibility with Shibboleth Service Provider implementations, supporting both authentication flows and attribute release policies.

This identity provider follows the same configuration flow as standard SAML SSO setups.