All Collections
Security & Compliance
Single sign-on (SSO) with SAML2
Single sign-on (SSO) with SAML2
Muhammet avatar
Written by Muhammet
Updated over a week ago

PS: SAML SSO feature is only available on UserGuiding’s Corporate plan.

When SSO is activated, UserGuiding's login screen will intelligently recognize your organization's domain, enabling your team to log in via your chosen identity provider seamlessly.

Setting up SSO

Step 1: Acquire Your Organization ID from UserGuiding

To get started, contact our support team by sending a message from the chat widget on your panel. Include these details:

  • Your intention to set up SAML SSO

  • The domain from which your team members will log in

    • ex: mydomain.com

You will receive your Organization ID from our team within a day. Keep this ID, as you'll need it for the next steps.

Step 2: Setup Identity Provider

Replace ORGANIZATION_ID with the ID given by UserGuiding support team.

  • Entity ID: userguiding

  • SSO URL / SAML ACS URL:

    https://api.userguiding.com/api/auth/saml/acs/ORGANIZATION_ID/

  • Single Logout URL / SAML SLS URL: https://api.userguiding.com/api/auth/saml/sls/ORGANIZATION_ID/

  • Name ID Format: EmailAddress

  • Application Username: Email

  • Signed Assertions: Enable

  • Mapped Attributes

    • email: Employee email

    • first_name: Employee's first name

    • last_name: Employee's last name

  • Import SAML Certificate for UserGuiding

    For configuration of your Identity Provider, a SAML certificate is required to sign assertions. You can find it below:

    -----BEGIN CERTIFICATE-----
    MIIDXzCCAkegAwIBAgIJALJiO1EnbwzjMA0GCSqGSIb3DQEBCwUAMEYxFDASBgNV
    BAoMC1VzZXJHdWlkaW5nMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwP
    dXNlcmd1aWRpbmcuY29tMB4XDTIzMDgxNjA3NTgyNloXDTI2MDUxMjA3NTgyNlow
    RjEUMBIGA1UECgwLVXNlckd1aWRpbmcxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgw
    FgYDVQQDDA91c2VyZ3VpZGluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    ggEKAoIBAQDD9TwvEjLs2BJNLkNCExyyNh1fvyeIq/85k8WyyBFwGe/Uq+iY3h4G
    3/Jt8I+fmksveuUOLJnNwEz/5+RjJqU6VJVkbSd75eB1tkiYJNtU/oDay4ZO6xjH
    ypxZ/kbmOlbSUbLh1mv1TOse7fuKyxkH1PLZRgwSfraTPYdKLJ6C/LtlGB9k3DJM
    CvDAdMyJBtgeUsgRETSFZq/2g9BZ59tvWGviLhnQDv3YYsYlproF5oAbfyzu7Jgz
    OOj3b7yMeEmU8UungsEb8bPDakqO6m0PCnyw1IsfOEty2KiV7y3fg5oYU9aoJiWt
    RpNXjumVmAcgpXE7rX2KmRdiW9Q+I/wPAgMBAAGjUDBOMB0GA1UdDgQWBBSx2CXX
    h9ODGeg/ImUeYppwT1/AKTAfBgNVHSMEGDAWgBSx2CXXh9ODGeg/ImUeYppwT1/A
    KTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB0e22cCBUMtFBQliXH
    4QRcCyOgC7xGTGGB4V+WwMsoytQOeYNpwYFiRDVT9pRxy35I38w8X3qP41bJpP6k
    v2udJ0u6+QMIAzKExFQ8U5Qb1ls0C39GDQgTA0cyLbOu0zdkePQcExCLA5nUfeXm
    7N9CJ2VlCWLDJpE+BRCFPGmfZPBCUAnBEAX5gWXrDCfsMHlmC/DEVAyQE4Ja+o46
    GFb7FaAbi9FpBCudGOHMkr/Sjukl88XWwZ7Ruv3ute9IQoye7SAqqs9WjLcvzR+8
    1xdaOCa29ZTTWDoMS/9SfkGzD+iN68p/BJKzpLx+eryTI/J8ZPLK1vh7FdvSWz12
    EB0c
    -----END CERTIFICATE-----

Step 3: Forward Identity Provider Metadata to UserGuiding

Download the metadata XML file from your identity provider and send it to our support team. We will complete the setup for you.

Post-SSO Setup

Managing Current Users

Current users can use only SSO for login, login with password option is disabled for all members.

Just-In-Time User Onboarding

New users who haven't interacted with UserGuiding before will have accounts automatically generated during their first SSO login. There is no need for an invitation. However, you should have a team member seat available on your plan.

User Deactivation

Deactivated users from your identity provider will lose access to the UserGuiding organization after their current session expires (30-minute timeout). You can manually remove members in Settings > Team page for extra precaution.

Did this answer your question?