How to Connect Your SAML Provider
Upscope provides a generic auth provider for SAML2-based authentication, allowing you to connect any SAML2-enabled IdP system.
Supported SAML Services
Upscope supports the following SAML services:
- Identity and Service Provider initiated SSO
- Identity Provider initiated SLO (Single Logout)
Connect Your IdP to Upscope
To connect your IdP to Upscope, navigate to the SAML section of the membership settings. You'll find these under General Settings » Team settings & SSO » SAML.
Change the Enable SAML SSO setting to Yes. Scroll to the bottom of the page to find the Configuration information. There, you'll find the following:
SAML Property | Meaning |
---|---|
SAML Consumer URL | Used to log you into Upscope. This could also be called Assertion Consumer Service. |
SAML Single Logout URL | Used to log you out of Upscope when you log out in your IdP. |
SAML Entity ID | This could also be called Metadata, and it identifies your Upscope team. |
Create a custom application in your IdP using the information above. Your IdP will then provide you with either an XML file or a Metadata URL.
- If you are given a Metadata URL, enter it under the IdP Metadata URL setting on the Upscope website.
- If you are given an XML file, copy its content to your clipboard and paste it into the IdP Metadata XML setting on the same page.
Save the settings, and SAML will be fully set up.
Options
In the SAML section, you'll find the following options:
SAML Option | Meaning |
---|---|
Automatically provision new SAML users? | You can set up Upscope to automatically create an account for people that log in with SAML, without needing to invite them manually. They will be given your default permission set (typically "start session" and "view user list"). If set to no, an admin will need to invite new agents on the members page before being allowed to log in. |
Exclude root user from SAML SSO requirement? | If set to yes, the root user (aka Account Owner) will not be required to log in through SAML and can use a password or a magic link to log in. This is useful if you have an email address that is not part of your IdP that you use for your cloud ops. |