# Custom SSO (SAML)

The Updraft platform supports integration with any SAML 2.0-compliant Identity Provider (IdP). This feature is available with the **Enterprise Plan** and enables you to configure a custom SAML provider for seamless single sign-on (SSO) functionality.

Since different Identity Providers have varying setup processes, the following instructions provide the general configuration requirements and fields you will need to complete.

***

#### **Steps to Configure SAML with Updraft**

1. **Sign in to Your Identity Provider (IdP)**\
   Log in to the administrative interface of your Identity Provider. Refer to the IdP’s documentation for specifics about where to configure Service Provider (SP) details.
2. **Service Provider (SP) Information**\
   Use the following information when adding Updraft as the Service Provider:
   * **SP Entity ID:**\
     Enter the following value:\
     `getupdraft`
   * **Assertion Consumer Service (ACS) URL:**\
     Copy and paste the following URL:\
     `https://getupdraft.com/saml2_auth/acs/`
3. **NameID and Format**\
   Configure the NameID settings as follows:
   * **SAML Subject NameID:**\
     Set this to `username`.
   * **SAML Subject NameID Format:**\
     Select:\
     `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`
4. **Signature Algorithm**\
   Set the Signature Algorithm to:\
   `RSA-SHA256`
5. **User Attribute Mapping**\
   Map the following user attributes to ensure proper synchronization between the IdP and Updraft:

| **User Attribute** | **Value** |
| ------------------ | --------- |
| email              | email     |
| username           | email     |
| first\_name        | firstname |
| last\_name         | lastname  |

***

#### **Testing the Integration**

Once the configuration is complete, test the SSO functionality:

* Attempt to log in to Updraft using the configured SSO provider.
* Ensure user attributes (email, username, first\_name, and last\_name) are correctly populated in Updraft.

***

#### **Troubleshooting Tips**

* Double-check the SP Entity ID and ACS URL for typos or errors.
* Confirm that your IdP supports RSA-SHA256 as a signature algorithm.
* Ensure the attribute mapping aligns with the user directory in your IdP.
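
The checks above can be run mechanically against a decoded SAML Response captured from your own test login. The following is an added example, not Updraft's code: it compares the response with the values from the setup steps and reports each mismatch, without verifying the XML signature. Assumptions: the assertion carries attributes named as in the first column of the mapping table, RSA-SHA256 appears as its standard XML Signature URI, the function names are hypothetical, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Expected values, taken from the setup steps on this page.
SP_ENTITY_ID = "getupdraft"
ACS_URL = "https://getupdraft.com/saml2_auth/acs/"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # URI for RSA-SHA256
REQUIRED_ATTRS = {"email", "username", "first_name", "last_name"}  # assumed attribute names

def lint_saml_response(xml_text):
    """List mismatches with the settings above. Config lint only: no signature verification."""
    root, problems = ET.fromstring(xml_text), []
    def values(path, attr=None):
        return [e.get(attr) if attr else e.text for e in root.iterfind(path, NS)]
    if root.get("Destination") != ACS_URL:  # exact match, so a dropped slash is caught
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    if ACS_URL not in values(".//a:SubjectConfirmationData", "Recipient"):
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    if SP_ENTITY_ID not in values(".//a:Audience"):
        problems.append("Audience does not contain the SP Entity ID")
    if values(".//a:Subject/a:NameID", "Format") != [NAMEID_FORMAT]:
        problems.append("NameID Format is not 'unspecified'")
    algs = values(".//ds:SignatureMethod", "Algorithm")
    if not algs or any(a != RSA_SHA256 for a in algs):
        problems.append(f"SignatureMethod {algs} is not RSA-SHA256")
    missing = REQUIRED_ATTRS - set(values(".//a:Attribute", "Name"))
    if missing:
        problems.append(f"missing attributes: {sorted(missing)}")
    return problems

def sample_response(acs=ACS_URL, alg=RSA_SHA256, attrs=tuple(sorted(REQUIRED_ATTRS))):
    """Constructed minimal Response (not schema-complete, no real signature) for offline runs."""
    attr_xml = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}"'
            f' Destination="{acs}"><a:Assertion><ds:Signature><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>'
            f'<a:Subject><a:NameID Format="{NAMEID_FORMAT}">user@example.com</a:NameID>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{SP_ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement>'
            f'</a:Assertion></p:Response>')

if __name__ == "__main__":
    bad = sample_response(acs=ACS_URL.rstrip("/"), attrs=("email", "username"))
    print("matching:", lint_saml_response(sample_response()) or "OK")
    print("misconfigured:", lint_saml_response(bad))
```

An empty result means the response matches the configured values; it says nothing about whether the signature itself is valid, which remains the Service Provider's job.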

***

#### **Frequently Asked Questions**

**What if my IdP doesn't support RSA-SHA256?**

Most modern IdPs support RSA-SHA256. If yours does not, consult the IdP's documentation or contact their support for alternative algorithms.

**Can I configure additional attributes?**

Yes, additional attributes can be configured in your IdP. Updraft currently requires the four specified attributes (email, username, first\_name, last\_name) to function properly.

**Where can I get support for custom SAML integration?**

For support, reach out to the Updraft technical team via your Enterprise support portal.

***

This documentation provides the general setup for integrating Updraft with your custom SAML Identity Provider. If additional assistance is required, refer to your IdP’s documentation or contact Updraft support (<support@getupdraft.com>).
