Universal (SAML)

Universal SSO login can be used with any providers supporting SAML.
Please note: Changing the login method to identity provider involves permanently deleting all existing members. Your team members will be automatically added to GoodAcces upon their first login. Currently added devices will be retained.
In case you have problem with login in with SSO (white page; Error: not_a_saml_app) try to clear your cookies and caches, then try to log in with SSO again. If the problem persists, please contact our support.

Step 1

In the GoodAccess Control Panel go to Settings, switch to the Login tab, select Login with an identity provider and click on Universal.
Step 1: Selecting your identity provider


Gather the following details to be used later:
  • Entity ID
  • Assertion Consumer Service URL
  • Login URL
  • Relay State
Step 2: Gathering details to be used later

Step 3

  1. 1.
    Go to settings of your identity provider and look for option to add new application.
  2. 2.
    If you get asked for Sign-in method, select SAML (2.0).
  3. 3.
    Name your application and upload a logo for it.

Step 4

These details are general and are the same for every identity provider, however each identity provider can use different names for the columns and the settings may vary a bit.
If you get lost, we highly recommend checking our other guides for identity providers we already have, where you could gain more insight on the actual setup of yours. If that doesn't help you, we recommend checking guides from your provider or contact us.
  1. 1.
    When asked for SAML configuration, enter details from step 2.
  • Identifier - Entity ID
  • Reply URL - Assertion Consumer Service URL
  • Sign on URL -
  • Relay State - "/" (enter slash)
2. For User Attributes enter the following:
  • Name - Enter "email"
  • Name format - Choose "Unspecified"
  • Value/Source Attribute - Choose "user.mail"

Step 5

Get the following details from your identity provider:
  • Login URL
  • Identifier
  • Download certificate

Step 6

Add application to existing group within your identity provider or create new one and assign desired users to it. Users without permissions for GoodAccess won't be able to login.

Step 7

In the GoodAccess Control Panel enter the following details from step 5:
  • Sign in URL - Login URL
  • Entity ID - Identifier
  • Upload cerfiticate
Don't forget to save changes.
Step 7: Using details from identity provider

Step 8

That's all! You can now login to GoodAccess using your own identity provider.