PS: SAML SSO feature is only available on UserGuiding’s Corporate plan.
When SSO is activated, UserGuiding's login screen will intelligently recognize your organization's domain, enabling your team to log in via your chosen identity provider seamlessly.
Setting up SSO
Step 1: Acquire Your Organization ID from UserGuiding
To get started, contact our support team by sending a message from the chat widget on your panel. Include these details:
Your intention to set up SAML SSO
The domain from which your team members will log in
ex:
mydomain.com
You will receive your Organization ID from our team within a day. Keep this ID, as you'll need it for the next steps.
Step 2: Setup Identity Provider
Replace ORGANIZATION_ID with the ID given by UserGuiding support team.
Entity ID:
userguiding
SSO URL / SAML ACS URL:
https://api.userguiding.com/api/auth/saml/acs/ORGANIZATION_ID/
Single Logout URL / SAML SLS URL:
https://api.userguiding.com/api/auth/saml/sls/ORGANIZATION_ID/
Name ID Format:
EmailAddress
Application Username:
Email
Signed Assertions: Enable
Mapped Attributes
email
: Employee emailfirst_name
: Employee's first namelast_name
: Employee's last name
Import SAML Certificate for UserGuiding
For configuration of your Identity Provider, a SAML certificate is required to sign assertions. You can find it below:
-----BEGIN CERTIFICATE-----
MIIDXzCCAkegAwIBAgIJALJiO1EnbwzjMA0GCSqGSIb3DQEBCwUAMEYxFDASBgNV
BAoMC1VzZXJHdWlkaW5nMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwP
dXNlcmd1aWRpbmcuY29tMB4XDTIzMDgxNjA3NTgyNloXDTI2MDUxMjA3NTgyNlow
RjEUMBIGA1UECgwLVXNlckd1aWRpbmcxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw
FgYDVQQDDA91c2VyZ3VpZGluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDD9TwvEjLs2BJNLkNCExyyNh1fvyeIq/85k8WyyBFwGe/Uq+iY3h4G
3/Jt8I+fmksveuUOLJnNwEz/5+RjJqU6VJVkbSd75eB1tkiYJNtU/oDay4ZO6xjH
ypxZ/kbmOlbSUbLh1mv1TOse7fuKyxkH1PLZRgwSfraTPYdKLJ6C/LtlGB9k3DJM
CvDAdMyJBtgeUsgRETSFZq/2g9BZ59tvWGviLhnQDv3YYsYlproF5oAbfyzu7Jgz
OOj3b7yMeEmU8UungsEb8bPDakqO6m0PCnyw1IsfOEty2KiV7y3fg5oYU9aoJiWt
RpNXjumVmAcgpXE7rX2KmRdiW9Q+I/wPAgMBAAGjUDBOMB0GA1UdDgQWBBSx2CXX
h9ODGeg/ImUeYppwT1/AKTAfBgNVHSMEGDAWgBSx2CXXh9ODGeg/ImUeYppwT1/A
KTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB0e22cCBUMtFBQliXH
4QRcCyOgC7xGTGGB4V+WwMsoytQOeYNpwYFiRDVT9pRxy35I38w8X3qP41bJpP6k
v2udJ0u6+QMIAzKExFQ8U5Qb1ls0C39GDQgTA0cyLbOu0zdkePQcExCLA5nUfeXm
7N9CJ2VlCWLDJpE+BRCFPGmfZPBCUAnBEAX5gWXrDCfsMHlmC/DEVAyQE4Ja+o46
GFb7FaAbi9FpBCudGOHMkr/Sjukl88XWwZ7Ruv3ute9IQoye7SAqqs9WjLcvzR+8
1xdaOCa29ZTTWDoMS/9SfkGzD+iN68p/BJKzpLx+eryTI/J8ZPLK1vh7FdvSWz12
EB0c
-----END CERTIFICATE-----
Step 3: Forward Identity Provider Metadata to UserGuiding
Download the metadata XML file from your identity provider and send it to our support team. We will complete the setup for you.
Post-SSO Setup
Managing Current Users
Current users can use only SSO for login, login with password option is disabled for all members.
Just-In-Time User Onboarding
New users who haven't interacted with UserGuiding before will have accounts automatically generated during their first SSO login. There is no need for an invitation. However, you should have a team member seat available on your plan.
User Deactivation
Deactivated users from your identity provider will lose access to the UserGuiding organization after their current session expires (30-minute timeout). You can manually remove members in Settings > Team
page for extra precaution.