Custom SSO (SAML)

The Updraft platform supports integration with any SAML 2.0-compliant Identity Provider (IdP). This feature is available with the Enterprise Plan and enables you to configure a custom SAML provider for seamless single sign-on (SSO) functionality.

Since different Identity Providers have varying setup processes, the following instructions provide the general configuration requirements and fields you will need to complete.


Steps to Configure SAML with Updraft

  1. Sign in to Your Identity Provider (IdP) Log in to the administrative interface of your Identity Provider. Refer to the IdP’s documentation for specifics about where to configure Service Provider (SP) details.

  2. Service Provider (SP) Information Use the following information when adding Updraft as the Service Provider:

    • SP Entity ID: Enter the following value: getupdraft

    • Assertion Consumer Service (ACS) URL: Copy and paste the following URL: https://getupdraft.com/saml2_auth/acs/

  3. NameID and Format Configure the NameID settings as follows:

    • SAML Subject NameID: Set this to username.

    • SAML Subject NameID Format: Select: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

  4. Signature Algorithm Set the Signature Algorithm to: RSA-SHA256

  5. User Attribute Mapping Map the following user attributes to ensure proper synchronization between the IdP and Updraft:

User Attribute

Value

email

email

username

email

first_name

firstname

last_name

lastname


Testing the Integration

Once the configuration is complete, test the SSO functionality:

  • Attempt to log in to Updraft using the configured SSO provider.

  • Ensure user attributes (email, username, first_name, and last_name) are correctly populated in Updraft.


Troubleshooting Tips

  • Double-check the SP Entity ID and ACS URL for typos or errors.

  • Confirm that your IdP supports RSA-SHA256 as a signature algorithm.

  • Ensure the attribute mapping aligns with the user directory in your IdP.


Frequently Asked Questions

What if my IdP doesn't support RSA-SHA256?

Most modern IdPs support RSA-SHA256. If yours does not, consult the IdP's documentation or contact their support for alternative algorithms.

Can I configure additional attributes?

Yes, additional attributes can be configured in your IdP. Updraft currently requires the four specified attributes (email, username, first_name, last_name) to function properly.

Where can I get support for custom SAML integration?

For support, reach out to the Updraft technical team via your Enterprise support portal.


This documentation provides the general setup for integrating Updraft with your custom SAML Identity Provider. If additional assistance is required, refer to your IdP’s documentation or contact Updraft support (support@getupdraft.com).

Last updated