SAML is a standard that enables the secure communication of identities between organizations. Re:amaze is a SAML Service Provider that can accept Identities provided by a SAML Identity Provider (IdP) for the purposes of allowing Single-Sign-On (SSO) for organizations that have a SAML IdP.
This allows you to control Sign-On policies for your staff users with a third party like Okta, OneLogin, Azure AD, Google G Suite, or other SAML Identity Providers. Re:amaze supports IdPs that provide email-formatted identifiers.
We've listed the instructions to connect Re:amaze to G Suite SAML as an example, but the process should be similar for other providers.
To connect Re:amaze to G Suite SAML:
- Go to your Google Admin console (at admin.google.com).
- Go to SAML Apps. You'll need certain administrative permissions in order to access this.
- Click the plus (+) icon in the bottom corner.
- Click Set up my own custom app.
- The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
- Copy the Single Sign-On URL and paste it into Re:amaze under Settings > SAML/SSO.
- Download the X.509 Certificate, open it in a text editor, and paste its contents into the corresponding field under Settings > SAML/SSO.
- In the Service Provider Details window, add the ACS URL, an Entity ID, and a start URL. The ACS URL, the Entity ID, and the start URL information are all provided in Re:amaze under the same Settings > SAML/SSO page.
- Click Finish.
You should now have SAML login with G Suite enabled. Make sure to allow all Google domain users to access this newly added SAML custom app.
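The certificate step is where copy/paste errors usually creep in (a dropped line, two certificates in one file, a key pasted by mistake). The following is an added example, not code from Re:amaze or Google: a pre-paste check that confirms the text holds exactly one intact PEM certificate and returns its SHA-256 fingerprint, which you can compare with the fingerprint your IdP displays, if it displays one. The function names are hypothetical, and the sample input is a constructed stand-in with a valid DER outer header, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_length_ok(der):
    """True if der is one SEQUENCE whose encoded length matches the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_idp_certificate(pem_text):
    """Return the SHA-256 fingerprint of the one certificate in pem_text."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("private key material present; paste the certificate only")
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:             # binascii.Error is a ValueError
        raise ValueError("certificate body is not valid base64") from exc
    if not der_length_ok(der):
        raise ValueError("certificate is truncated or has extra bytes")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def make_sample_pem():
    """Constructed stand-in with a valid DER outer header (not a real cert)."""
    body = bytes(range(256)) * 3
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    pem = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
           + "-----END CERTIFICATE-----\n")
    return pem, der

if __name__ == "__main__":
    sample, _ = make_sample_pem()
    print(check_idp_certificate(sample))
```

To check a real download, read the file's text and pass it to `check_idp_certificate`; a `ValueError` means the text should not be pasted as-is.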