Generic SAML 2.0

Internal Generic SAML 2.0 supports Service Provider (SP)-Initiated Authentication and Identity Provider (IdP)-Initiated Authentication (SSO) flows.

Note: When using SAML 2.0, the user's email address in your SAML 2.0 provider must match the Internal user's email address.

Begin Setting Up SAML 2.0:

  1. Log in to Internal and navigate to 'Company Settings'
  2. Select the 'Security' tab
  3. Select 'Single Sign-On' to open the Single Sign-On drawer.
  4. From the Single Sign-On drawer, select 'Generic SAML 2.0' from the drop-down.
  5. Copy the Internal Single Sign-On URL

Configure SAML Provider Settings:

  1. For the Single Sign-On URL, use the Internal Single Sign-On URL you copied from Internal.
  2. For the SP Entity ID (also called Service Provider Entity ID), also use the Internal Single Sign-On URL you copied from Internal.
  3. Leave Default Relaystate blank.
  4. Set the Name ID format to emailAddress.
  5. If applicable, set the application username to the user’s email.
  6. In the Attributes Statements section, map the following Internal attributes to your provider’s equivalent attribute:
     • email: The user's email address.
     • firstName: The user's first name.
     • lastName: The user's last name.

Note: There may be additional steps specific to your SAML 2.0 provider that you’ll need to complete.
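
An added example (not Internal's own code) that checks a decoded SAML response captured from a test login against the provider settings listed above: Destination and Audience equal to the Internal Single Sign-On URL, Name ID format emailAddress, and the email, firstName and lastName attributes present. The URL and the sample response are constructed placeholders, and the script does not verify the XML signature, so it is a configuration check only.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("email", "firstName", "lastName")
# Constructed placeholder: substitute the Single Sign-On URL copied from Internal.
SSO_URL = "https://sso.example.invalid/saml/acs"

# Constructed sample response (signature omitted, lastName deliberately unmapped).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{SSO_URL}">
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">ada@example.invalid</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{SSO_URL}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>ada@example.invalid</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, sso_url):
    """Return configuration problems found; an empty list means the mapping matches."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != sso_url:
        problems.append("Destination is not the Internal Single Sign-On URL")
    if sso_url not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience (SP Entity ID) is not the Internal Single Sign-On URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute '{name}' is missing or empty")
    email = attrs.get("email", "")
    if name_id is not None and email and (name_id.text or "").strip().lower() != email.lower():
        problems.append("NameID does not match the email attribute")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, SSO_URL))
```

Run it on a response from your own provider's test login before enabling the "Require employees to use Single Sign-On" option, so a mapping mistake does not lock users out.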

Complete Setup in Internal:

  1. Enter the Identity Provider Single Sign-On URL from your SAML 2.0 provider.
  2. Enter the Identity Provider Issuer (also called Entity ID) from your SAML 2.0 provider.
  3. Enter the X.509 Certificate from your SAML 2.0 provider.
  4. Save your SSO settings in Internal. Then, re-open the SSO settings and click “Test SAML Configuration” to ensure your SAML 2.0 provider works correctly. 
  5. To enable SSO for all employees, check the checkbox “Require employees to use Single Sign-On when signing into their Internal account”.