Comment on page
Universal (SAML)
This guide will show you how to integrate GoodAccess with with any SSO provider supporting SAML.
This feature is available in Premium plan and higher.
Please note: Changing the login method to identity provider will permanently delete all Members you invited. Your team Members will be automatically added to GoodAccess upon their first login. Manually added Members will stay.
Remember to grant your users access permissions to GoodAccess. Users without them won't be able to log in.
- 1.Go to the settings of your identity provider and look for an option to add a new application.
- 2.If asked for the sign-in method, select SAML (2.0).
- 3.Name your application and choose a logo.
These details are general and are the same for every identity provider. However, individual identity providers can use different names for the fields and the settings may vary in details.
If you are lost, we recommend checking our other guides for identity providers where you can gain more insight on the setup of yours. If that doesn't help you, check the guides from your provider or contact us.
When asked for SAML configuration, enter the details from GoodAccess - (2) GoodAccess links.
- Identifier - Entity ID
- Reply URL - Assertion Consumer Service URL
- Sign on URL - Login URL
- Relay State - Relay State
For User Attributes enter the following:
- Name - Enter "email"
- Name format - Choose "Unspecified"
- Value/Source Attribute - Choose "user.mail"
Add permissions for the application to an existing group within your identity provider or create a new one and assign users to it.
Open your newly created application, look for SAML settings and copy the following details into GoodAccess - (3) Identity Provider Links.
- SSO/Login URL - Sign in URL
- Identifier/Issuer - Entity ID
- Certificate - X509 signing certificate
Now switch back to GoodAccess and click Continue, then Continue in the next dialog, and finally Submit.
Last modified 1mo ago