Generic SAML 2.0

In this page you can find guidance on how to set up the SAML 2.0 tab in the SSO configuration. Before you start, you need to have a SAML 2.0 identity provider (IdP) configured to issue assertions to Meterian. The values to enter in the form come from that identity provider.

Fields

Name — a label that identifies this configuration inside Meterian. Only letters, numbers, hyphens and underscores are allowed, and it cannot be changed once saved.

Metadata URL — the URL where your identity provider publishes its SAML metadata document. Meterian uses it to discover the IdP's SSO endpoint and signing certificate. Most identity providers expose this URL from the application or connection you created for Meterian.

Attribute mapping

After saving, an "Attribute Mapping" section appears below the login URL. Attribute mapping is required for this SSO configuration to work — until it is set, users authenticated through your identity provider cannot be matched to a Meterian account.

For each field, enter the name of the SAML attribute (or claim) your identity provider sends in the assertion.

Email — the attribute that carries the user's email address. This is the value Meterian uses to identify the user.

Name — the attribute that carries the user's display name.

User ID — the attribute used as the stable unique identifier for the user. If left blank, the email address is used as the user ID.

Click "Save mapping" to apply. If you change the mapping later, simply update the values and click "Save mapping" again.

After saving

Once both the configuration and the attribute mapping have been saved, the "Login URL" section can be shared with the users who should log in via SAML. They will be redirected to your identity provider to sign in, and then back into Meterian.