Universal (SAML)
This guide will show you how to integrate GoodAccess with with any SSO provider supporting SAML.
This feature is available in Premium plan and higher.
Remember to grant your users access permissions to GoodAccess. Users without them won't be able to log in.
You may set up Single Sign-On (SSO) in Control Panel > Settings > SSO & Identity.
Step 1
Go to the settings of your identity provider and look for an option to add a new application.
If asked for the sign-in method, select SAML (2.0).
Name your application and choose a logo.
Step 2
These details are general and are the same for every identity provider. However, individual identity providers can use different names for the fields and the settings may vary in details.
If you are lost, we recommend checking our other guides for identity providers where you can gain more insight on the setup of yours. If that doesn't help you, check the guides from your provider or contact us.
When asked for SAML configuration, enter the details from GoodAccess - (2) GoodAccess links.
Identifier - Entity ID
Reply URL - Assertion Consumer Service URL
Sign on URL - Login URL
Relay State - Relay State
For User Attributes & Claims create the following attributes:
Important: Attribute names are case-sensitive. Please enter them exactly as shown (all lowercase).
Unspecified
Select the attribute representing the user's primary email address (e.g., user.mail or email).
name
Unspecified
Select the attribute representing the user's full name (e.g., user.displayname or name).
Step 3
Add permissions for the application to an existing group within your identity provider or create a new one and assign users to it.
Step 4
Open your newly created application, look for SAML settings and copy the following details into GoodAccess - (3) Identity Provider Links.
SSO/Login URL - Sign in URL
Identifier/Issuer - Entity ID
Certificate - X509 signing certificate
Step 5
Now switch back to GoodAccess, click Continue, and Submit.
Last updated
Was this helpful?