Security (Single Sign-On)

Within the account settings of an organization, you can set up SSO for your organization.


Last updated 5 months ago

SAML 2.0 is the most recent iteration of the Security Assertion Markup Language as established by the OASIS organization. This standard facilitates the exchange of authentication and authorization information across different security domains.

SAML 2.0 operates as an XML-based protocol that utilizes security tokens with assertions to relay data about a principal (typically an end user) between a SAML authority (identity provider or IdP) and a SAML consumer (service provider or SP).

SAML Authentication Workflow

  1. The user navigates to your Updraft subdomain and clicks the LOGIN with SSO button.

  2. The user is then redirected to your Identity Provider (IdP) login page.

  3. Using the IdP's web-based authentication system, the user logs in, and the IdP sends a SAML Response to the Updraft callback endpoint.

  4. If the user is authenticated and has the necessary permissions in Updraft, they are granted access to the Updraft Organization where only authorized apps are visible.

    1. New accounts are created in Updraft (no e-mail invitation or activation is sent).

    2. After the user's first login, an Owner or Admin can add the user to the Updraft projects.

SAML Authentication Workflow Group Mapping

It can be helpful to align SAML group names from your Identity Provider (IdP) with the actual group names in Updraft. This step is optional and only required if your IdP doesn’t send the actual group name but instead provides an ID associated with the group in the IdP. You can set up this group mapping in the settings for each SAML configuration provider, using key/value pairs. Map the Permission Groups you set in Updraft to the groups in your SAML configuration.

Updraft will automatically recognize new groups with each authentication and add the user to the permission group in Updraft. After that, you can assign the permission groups to your app projects.

This approach makes it possible to carry out almost all user management outside Updraft.
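The following is an added example, not Updraft's own code: a check you can run before rollout to see which IdP group IDs in an assertion resolve to a permission group name through your key/value mapping and which have no entry. The attribute name `groups`, the group IDs and the permission group names are constructed, and the sketch assumes the assertion's signature has already been validated.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an AttributeStatement carrying group IDs instead of names.
# The attribute name "groups" is an assumption; use whatever your IdP sends.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>00g1a2b3</saml:AttributeValue>
      <saml:AttributeValue>00g9z8y7</saml:AttributeValue>
      <saml:AttributeValue>00gdead0</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>tester@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed key/value mapping: IdP group ID -> Updraft permission group name.
GROUP_MAPPING = {
    "00g1a2b3": "QA Testers",
    "00g9z8y7": "Mobile Developers",
}

def group_values(assertion_xml, attribute_name="groups"):
    """Return the de-duplicated group attribute values in document order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != attribute_name:
            continue
        for val in attr.iterfind("saml:AttributeValue", NS):
            text = (val.text or "").strip()
            if text and text not in values:
                values.append(text)
    return values

def resolve_groups(values, mapping):
    """Split IdP values into mapped permission group names and unmapped IDs."""
    mapped = [mapping[v] for v in values if v in mapping]
    unmapped = [v for v in values if v not in mapping]
    return mapped, unmapped

if __name__ == "__main__":
    mapped, unmapped = resolve_groups(group_values(SAMPLE_ASSERTION), GROUP_MAPPING)
    print("permission groups:", mapped)
    print("no mapping entry:", unmapped)
```

IDs reported as having no mapping entry are the ones to review: either add a key/value pair for them or confirm the IdP should not be sending them for this application.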
