Implement SAML using Tesseral

This article explains how you can add SAML to your app using Tesseral.

Advanced Configuration

Setting up SAML on your customer’s behalf

The SAML protocol requires configuration on your customer’s end. When you enable SAML for an Organization, your customer will be able to configure SAML themselves.

You can also configure SAML on your customer’s behalf. To do this, you will need three pieces of information from your customer:

• An IDP Entity ID.
• An IDP Redirect URL.
• An IDP Certificate.

From there, you can go into an Organization’s Authentication tab in the Tesseral Console, and click on Create SAML Connection. Input the three pieces of information.

Your customer will need two pieces of information from you:

• An Assertion Consumer Service (ACS) URL
• An SP Entity ID

In the Tesseral Console, you can copy these values from the Service Provider Details section on your newly created SAML Connection. Your customer will need to enter these values into their Identity Provider.

Making SAML required for an Organization

Once SAML is enabled for an Organization, you can make it the only way to log in to that Organization.

Your customers can make SAML their only allowed login method, or you can enforce that yourself from the Tesseral Console.

To make SAML required for an Organization, go to the Organization’s Authentication tab in the Tesseral Console, and disable all login methods except Log in with SAML.