Generic SSO Parameters
  • 1 Minute to read
  • PDF

Generic SSO Parameters

  • PDF

Article Summary

About this document

This document describes the generic SAFE SSO implementation and parameters that customers can use to configure their SSO integrations. This document supplements SAFEs documented SSO integrations as well as providing information allowing any SAML 2.0 based SSO integration to be configured.


Single Sign-On (SSO) enables organizations to use the SAML 2.0 authentication provider for authenticating login into SAFE. SAFE Admin can onboard and manage users right from any SAML 2.0 enabled SSO platform, eliminating the need to maintain a separate user authentication mechanism for SAFE.

Generic SSO Process

Configuring SSO for the SAFE platform will follow the following generic steps

  1. Configure your identity provider using either the SSO parameters in this document, or by following one of SAFEs published SSO guides.
  2. Submit your XML metadata file and SSO-applicable email domain to the SAFE Service Desk
  3. On receipt your XML metadata file and SSO-applicable email domain SAFE will configure your SSO details and respond to confirm that configuration has been completed for SAFE
  4. Test that SSO works correctly.

SAFE Specific SSO Parameters

In order to configure SAFE SSO you will need the following SSO Parameters:

Entity ID and ACS URL / Reply URL 

The Entity ID and Reply URL will vary based on the URL that you use to access the SAFE One platform

Name ID Format

You must specify the Name ID Format as Email

Email Attribute Mapping 

Use the following as your Email Attribute Mapping:

Additional Attribute Mapping 

These are optional and only if the following attributes are available will be synced automatically to SAFE):

First Name:

Last Name:


Does SAFE support IDP initiated SSO?

SAFEs SSO utilises AWS Cognito. At this time, AWS Cognito does not support IDP initiated SSO.

Was this article helpful?