SAML Single Sign-On
SAML SSO (Security Assertion Markup Language Single Sign-On) - is an open standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP), enabling Single Sign-On (SSO) without sharing passwords.
Improvado supports:
- SAML 1.0
- SAML 2.0
- Shibboleth (SAML-based identity provider). Learn more about Shibboleth support here.
How to Set up Single Sign-On via SAML
Ensure the Whitelabel for your Improvado account is already set up.
Please provide the following credentials to your Customer Success Manager via Keeper's One-Time Share feature:
1. IdP SSO and SLO URLs
Provide the URLs for Single Sign-On (SSO) and Single Logout (SLO) services from your Identity Provider.
2. Public PEM Certificate
Share the public PEM certificate used for encryption on the IdP side. This certificate is essential for securing authentication and authorization data.
3. Signing & Encryption Settings
Specify the security configurations, including:
- Whether authentication requests/responses should be signed and/or encrypted.
- Any specific signing or encryption algorithms required.
4. Test User Credentials (Optional)
If possible, provide a test user credential from the IdP side for debugging and troubleshooting purposes during the integration process.
5. Unique User Identifier
Specify which field should be used as the unique identifier for users. Options include:
- NameID
- Any other user-specific unique identifier supported by your identity provider
If everything was set up correctly, you should see the Sign In with SAML button on the Improvado Login page:

How to Allow Users to Log In via SAML SSO
To allow users to log in to Improvado UI via SAML SSO, the workspace admin should invite the user using the Email, NameID or any other user-specific unique identifier supported by your identity provider that looks like email@domain.com (e.g., user@improvado.io). Learn more about invites here: How to invite users to a workspace | Docs.
Shibboleth SSO
Improvado supports Shibboleth-based authentication, enabling organizations to implement secure SSO using this SAML-compliant identity solution. Our platform maintains full compatibility with Shibboleth Service Provider implementations, supporting both authentication flows and attribute release policies.
This identity provider follows the same configuration flow as standard SAML SSO setups.
Was this article helpful?
Thanks for the feedback!