# Custom SSO (SAML)

The Updraft platform supports integration with any SAML 2.0-compliant Identity Provider (IdP). This feature is available with the **Enterprise Plan** and enables you to configure a custom SAML provider for seamless single sign-on (SSO) functionality.

Since different Identity Providers have varying setup processes, the following instructions provide the general configuration requirements and fields you will need to complete.

***

#### **Steps to Configure SAML with Updraft**

1. **Sign in to Your Identity Provider (IdP)**\
   Log in to the administrative interface of your Identity Provider. Refer to the IdP’s documentation for specifics about where to configure Service Provider (SP) details.
2. **Service Provider (SP) Information**\
   Use the following information when adding Updraft as the Service Provider:
   * **SP Entity ID:**\
     Enter the following value:\
     `getupdraft`
   * **Assertion Consumer Service (ACS) URL:**\
     Copy and paste the following URL:\
     `https://getupdraft.com/saml2_auth/acs/`
3. **NameID and Format**\
   Configure the NameID settings as follows:
   * **SAML Subject NameID:**\
     Set this to `username`.
   * **SAML Subject NameID Format:**\
     Select:\
     `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`
4. **Signature Algorithm**\
   Set the Signature Algorithm to:\
   `RSA-SHA256`
5. **User Attribute Mapping**\
   Map the following user attributes to ensure proper synchronization between the IdP and Updraft:

| **User Attribute** | **Value** |
| ------------------ | --------- |
| email              | email     |
| username           | email     |
| first\_name        | firstname |
| last\_name         | lastname  |

***

#### **Testing the Integration**

Once the configuration is complete, test the SSO functionality:

* Attempt to log in to Updraft using the configured SSO provider.
* Ensure user attributes (email, username, first\_name, and last\_name) are correctly populated in Updraft.

***

#### **Troubleshooting Tips**

* Double-check the SP Entity ID and ACS URL for typos or errors.
* Confirm that your IdP supports RSA-SHA256 as a signature algorithm.
* Ensure the attribute mapping aligns with the user directory in your IdP.
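
The checks above can be run mechanically against a SAML Response captured from a test login. The following is an added example, not Updraft's or any IdP's code: `lint_response` and `sample_response` are hypothetical names, the sample response is constructed and not schema-complete, and it assumes the **Value** column of the mapping table gives the attribute names the IdP sends. It compares settings only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Expected values, taken from the configuration steps on this page.
SP_ENTITY_ID = "getupdraft"
ACS_URL = "https://getupdraft.com/saml2_auth/acs/"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # XML-DSig URI for RSA-SHA256
# Assumption: the table's Value column is the attribute name the IdP sends.
ATTRIBUTE_MAP = {"email": "email", "username": "email", "first_name": "firstname", "last_name": "lastname"}

def lint_response(xml_text):
    """Return (problems, user_fields) for a decoded SAML Response. Does NOT verify the signature."""
    root, problems = ET.fromstring(xml_text), []
    def attr(path, name):
        node = root.find(path, NS)
        return node.get(name) if node is not None else None
    def check(label, got, want):
        if got != want:
            problems.append(f"{label}: expected {want!r}, got {got!r}")
    check("Audience", root.findtext(".//saml:Audience", "", NS).strip(), SP_ENTITY_ID)
    check("Recipient", attr(".//saml:SubjectConfirmationData", "Recipient"), ACS_URL)
    check("NameID Format", attr(".//saml:Subject/saml:NameID", "Format"), NAMEID_FORMAT)
    check("SignatureMethod", attr(".//ds:SignatureMethod", "Algorithm"), RSA_SHA256)
    sent = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
            for a in root.iterfind(".//saml:Attribute", NS)}
    user = {field: sent.get(src) for field, src in ATTRIBUTE_MAP.items()}
    problems += [f"attribute for {f!r} missing or empty" for f, v in user.items() if not v]
    return problems, user

def sample_response(alg=RSA_SHA256, attrs=("email", "firstname", "lastname")):
    """Constructed test input; the signature is reduced to its SignatureMethod element."""
    values = {"email": "ada@example.com", "firstname": "Ada", "lastname": "Lovelace"}
    sent = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{values[n]}'
                   f'</saml:AttributeValue></saml:Attribute>' for n in attrs)
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'xmlns:ds="{NS["ds"]}"><saml:Assertion><ds:Signature><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>'
            f'<saml:Subject><saml:NameID Format="{NAMEID_FORMAT}">ada@example.com</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions><saml:AttributeStatement>{sent}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(lint_response(sample_response(alg="http://www.w3.org/2000/09/xmldsig#rsa-sha1")))
```

With the HTTP-POST binding, the input is the base64-decoded `SAMLResponse` form field that the browser posts to the ACS URL.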

***

#### **Frequently Asked Questions**

**What if my IdP doesn't support RSA-SHA256?**

Most modern IdPs support RSA-SHA256. If yours does not, consult the IdP's documentation or contact their support for alternative algorithms.

**Can I configure additional attributes?**

Yes, additional attributes can be configured in your IdP. Updraft currently requires the four specified attributes (email, username, first\_name, last\_name) to function properly.

**Where can I get support for custom SAML integration?**

For support, reach out to the Updraft technical team via your Enterprise support portal.

***

This documentation provides the general setup for integrating Updraft with your custom SAML Identity Provider. If additional assistance is required, refer to your IdP’s documentation or contact Updraft support (<support@getupdraft.com>).

