Using SAML you can streamline access to Start.me, by enabling users to log in with their existing work accounts. Whether you're utilizing Okta, OneLogin, JumpCloud, Azure ADFS, or another IdP, integration is straightforward.
What is SAML?
SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. This integration provides single sign-on for SAML and Start.me, allowing you to use your SAML credentials to authenticate in Start.me.
Step 1: Add new IdP (Identity Provider) to Start.me
To configure a new SAML2 integration, the administrator can go to the Enterprise Admin Panel → Authentication → Single Sign-On (SSO) → click "Add".
While adding a new IdP you can select one of the popular IdP's:
Step 2: Configure Start.me as an application in your IdP
Some IdPs allow you to automatically configure the SAML2 integration by a metadata file. You can get the Start.me metadata file by going to the Metadata URL mentioned below.
Metadata URL | https://yourteamdomain].start.me/users/auth/saml2/metadata?id=[auth-id] |
Callback/ACS URL | https://[yourteamdomain].start.me/users/auth/saml2/callback?id=[auth-id] |
Recipient | https://[yourteamdomain].start.me/users/auth/saml2/callback?id=[auth-id] |
EntityID | startme |
Required attributes |
|
Example SAML-envelope:
Step 3: Configure IdP in Start.me
Go to Enterprise Admin Panel → Authentication → and click "Configure" next to the IdP you created in step 1. Here you can upload the metadata file generated by the IdP. The following fields need to be specified:
SAML 2.0 Endpoint (HTTP)
IdP Entity ID
Public Certificate
Change the label of the login button
Finally, you can configure the look and feel of the Login button that will be shown to users on the sign-in screen of your team portal.
Test the login flow
After you have configured your IdP, you can test the login flow by clicking "Open test page" in the menu.
This will open a new browser window with test instructions. You will need to copy the URL and open it in a new Incognito Window.
Skip the login screen
After you configured your IdP, you can select it as the default login method and thereby bypass the Start.me login screen for your users. Instead of the Start.me login screen, users will immediately be redirected to the IdP login screen.
Automatically Enroll Users in the Right Enterprise Teams
You can automatically assign users to the correct Enterprise teams based on their group memberships. these steps. Click here for more information.
Need assistance?
Please contact support@start.me for more information about getting SAML2 integrated on Start.me.