Make sure to enter the correct domain name in the Login URL setting.
For example, if your employee email is john@example.com, then your Login URL will be https://app.rudderstack.com/sso?domain=example.com.
Configure SAML 2.0 custom attributes
Note that the SAML 2.0 custom attributes may vary depending on the SSO vendor. Make sure to:
Set the property/parameter associated with the user’s email address to Email.
Set the property/parameter associated with the user’s last name to LastName.
Set the SAML nameID format to the property associated with the email address. For this setting, the IdP vendors generally provide a dropdown list with various options for selection.
Your SSO authentication will fail if these mandatory custom attributes are not set up correctly.
Enable SSO
Share the final Metadata URL or metadata file with the RudderStack team to enable SSO for your organization.
Debugging
There are times when an SSO login might fail for some users due to some reason. In such cases, the RudderStack team requires a HAR (HTTP Archive) file to inspect the requests and identify any SSO-related issues.
A HAR file is a log of exported network requests from the user’s browser. See the HAR Analyzer guide for steps on generating this file depending on your browser.
Once you generate the HAR file, share it with the RudderStack team to troubleshoot the issue.
Note the following before capturing your HAR file:
Start from https://app.rudderstack.com/sso with a clean session, preferably in incognito mode of your browser.
Complete the SSO flow until the step where you face an error.
Your HAR file might contain sensitive data - make sure to redact it using a text editor before sharing it with the team.
The following sections contain solutions for some common errors you might encounter while setting up SSO:
Invalid samlResponse or relayState from identity provider
RudderStack recommends following all the SSO configuration steps correctly and initiating the SSO authentication using the Login URL (https://app.rudderstack.com/sso?domain=<your_website>]).
Required String parameter ‘RelayState’ is not present
The above error indicates that you did not set up your SSO app correctly. Verify your SSO configuration in that case.
This site uses cookies to improve your experience while you navigate through the website. Out of
these
cookies, the cookies that are categorized as necessary are stored on your browser as they are as
essential
for the working of basic functionalities of the website. We also use third-party cookies that
help
us
analyze and understand how you use this website. These cookies will be stored in your browser
only
with
your
consent. You also have the option to opt-out of these cookies. But opting out of some of these
cookies
may
have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This
category only includes cookies that ensures basic functionalities and security
features of the website. These cookies do not store any personal information.
This site uses cookies to improve your experience. If you want to
learn more about cookies and why we use them, visit our cookie
policy. We'll assume you're ok with this, but you can opt-out if you wish Cookie Settings.