Custom SSO (SAML)
The Updraft platform supports integration with any SAML 2.0-compliant Identity Provider (IdP). This feature is available with the Enterprise Plan and enables you to configure a custom SAML provider for seamless single sign-on (SSO) functionality.
Since different Identity Providers have varying setup processes, the following instructions provide the general configuration requirements and fields you will need to complete.
Steps to Configure SAML with Updraft
Sign in to Your Identity Provider (IdP) Log in to the administrative interface of your Identity Provider. Refer to the IdP’s documentation for specifics about where to configure Service Provider (SP) details.
Service Provider (SP) Information Use the following information when adding Updraft as the Service Provider:
SP Entity ID: Enter the following value:
getupdraft
Assertion Consumer Service (ACS) URL: Copy and paste the following URL:
https://getupdraft.com/saml2_auth/acs/
NameID and Format Configure the NameID settings as follows:
SAML Subject NameID: Set this to
username
.SAML Subject NameID Format: Select:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Signature Algorithm Set the Signature Algorithm to:
RSA-SHA256
User Attribute Mapping Map the following user attributes to ensure proper synchronization between the IdP and Updraft:
User Attribute
Value
username
first_name
firstname
last_name
lastname
Testing the Integration
Once the configuration is complete, test the SSO functionality:
Attempt to log in to Updraft using the configured SSO provider.
Ensure user attributes (email, username, first_name, and last_name) are correctly populated in Updraft.
Troubleshooting Tips
Double-check the SP Entity ID and ACS URL for typos or errors.
Confirm that your IdP supports RSA-SHA256 as a signature algorithm.
Ensure the attribute mapping aligns with the user directory in your IdP.
Frequently Asked Questions
What if my IdP doesn't support RSA-SHA256?
Most modern IdPs support RSA-SHA256. If yours does not, consult the IdP's documentation or contact their support for alternative algorithms.
Can I configure additional attributes?
Yes, additional attributes can be configured in your IdP. Updraft currently requires the four specified attributes (email, username, first_name, last_name) to function properly.
Where can I get support for custom SAML integration?
For support, reach out to the Updraft technical team via your Enterprise support portal.
This documentation provides the general setup for integrating Updraft with your custom SAML Identity Provider. If additional assistance is required, refer to your IdP’s documentation or contact Updraft support (support@getupdraft.com).
Last updated