Comment on page
This guide will show you how to integrate GoodAccess with with any SSO provider supporting SAML.
This feature is available in Premium plan and higher.
Please note: Changing the login method to identity provider will permanently delete all Members you invited. Your team Members will be automatically added to GoodAccess upon their first login. Manually added Members will stay.
Remember to grant your users access permissions to GoodAccess. Users without them won't be able to log in.
- 1.Go to the settings of your identity provider and look for an option to add a new application.
- 2.If asked for the sign-in method, select SAML (2.0).
- 3.Name your application and choose a logo.
These details are general and are the same for every identity provider. However, individual identity providers can use different names for the fields and the settings may vary in details.
When asked for SAML configuration, enter the details from GoodAccess - (2) GoodAccess links.
- Identifier - Entity ID
- Reply URL - Assertion Consumer Service URL
- Sign on URL - Login URL
- Relay State - Relay State
For User Attributes enter the following:
- Name - Enter "email"
- Name format - Choose "Unspecified"
- Value/Source Attribute - Choose "user.mail"
Add permissions for the application to an existing group within your identity provider or create a new one and assign users to it.
Open your newly created application, look for SAML settings and copy the following details into GoodAccess - (3) Identity Provider Links.
- SSO/Login URL - Sign in URL
- Identifier/Issuer - Entity ID
- Certificate - X509 signing certificate
Now switch back to GoodAccess and click Continue, then Continue in the next dialog, and finally Submit.