UserView Logo
    UserViewby Upscope

    Documentation

    How to Connect Your SAML Provider

    Upscope provides a generic auth provider for SAML2-based authentication, allowing you to connect any SAML2-enabled IdP system.

    Supported SAML Services

    Upscope supports the following SAML services:

    • Identity and Service Provider initiated SSO
    • Identity Provider initiated SLO (Single Logout)

    Connect Your IdP to Upscope

    To connect your IdP to Upscope, navigate to the SAML section of the membership settings. You'll find these under General Settings » Team settings & SSO » SAML.

    1. Change the Enable SAML SSO setting to Yes.

    2. Scroll to the bottom of the page to find the Configuration information. There, you'll find the following:

      SAML Property Meaning
      SAML Consumer URL Used to log you into Upscope. This could also be called Assertion Consumer Service.
      SAML Single Logout URL Used to log you out of Upscope when you log out in your IdP.
      SAML Entity ID This could also be called Metadata, and it identifies your Upscope team.

    3. Create a custom application in your IdP using the information above. Your IdP will then provide you with either a XML file or a Metadata URL.

      • If you are given a Metadata URL, enter it under the IdP Metadata URL setting on the Upscope website.
      • If you are given a XML file, copy its content to your clipboard and paste it into the IdP Metadata XML setting on the same page.

    4. Save the settings, and SAML will be fully set up.

    Options

    In the SAML section, you'll find the following options:

    SAML Option Meaning
    Automatically provision new SAML users? You can set up Upscope to automatically create an account for people that log in with SAML, without needing to invite them manually. They will be given your default permission set (typically "start session" and "view user list"). If set to no, an admin will need to invite new agents on the members page before being allowed to log in.
    Exclude root user from SAML SSO requirement? If set to yes, the root user (aka Account Owner) will not be required to log in through SAML and can use a password or a magic link to log in. This is useful if you have an email address that is not part of your IdP that you use for your cloud ops.