Setting up Single Sign On with SAML2.0 involves two steps:
- Enter our metadata into your Identity Provider as a new enterprise application connection
- Share your metadata and certificates with us
Once these steps are complete and both parties have configured connections, contact support to provision a test user and try the sign on challenge end to end.
Note: We support staging environments for testing. Please contact email@example.com for more information.
Create a new enterprise application connection
Our metadata and entity id are the same string: https://api.togetherplatform.com/mentoring/authorize/saml/metadata.xml
Most identity provider clients should parse this xml file and fill out most of the configuration for you. If not, ensure the EntityID is the URL above, and that our certificate is entered.
The NameID assertion format in your configuration should be employee ID when possible. For user attributes, include email address.
If employee ID as the NameID is not possible, use the email address of the user.
Share your metadata and certificates with us
We need your single sign on login URL, logout url, and certificate. Please send these to firstname.lastname@example.org.