redirect.pizza can connect directly with your IdP to enable SSO via SAML2. This guide provides the necessary information for configuration.
Note: SAML SSO is available from our Business plan and up.
Setting up
Navigate in redirect.pizza to More -> Settings. At the bottom of the page, you will find your SSO entity ID & ACS URL.
Navigate to your identity provider and set-up your SSO connection with the Entity ID & ACS URL as defined here.
Set the following options if available:
- Name ID format: EmailAddress
- Signed Assertions: Yes
- Encryption: Preferred. Download our certificate here.
Downloading your specifications
Download your IdP's metadata XML file and send it to support@redirect.pizza to be configured. Include which domains you want to activate SSO on. In most cases, it's a single domain. If required, we can support multiple domains under one SSO configuration. We'll set-up SAML SSO and let you know when it's activated.
Authentication
When SAML SSO is activated, users may authenticate through their IdP or via redirect.pizza. When a domain is detected in the email address, we'll prompt the user with the ability to login directly with SAML SSO.
Access
Only users that have been invited via redirect.pizza may access the account.
You can invite new users under More -> Users. They will receive an one-click link which can be used with SSO to activate their account.