Setting up SSO (SAML 2.0)

Instructions on setting up SSO (SAML 2.0) with Okta, Google, etc.

Written by Maruša Barle
Updated over a week ago

The following are generic instructions that apply to any SSO provider based on the SAML 2.0 protocol.

Setup

Configure your ACS URL

In your identity provider (IdP), configure the ACS (Assertion Consumer Service) URL, which receives the IdP's SAML responses, and the Entity ID.

Enter the values below, replacing {tenantName} with the name of your Turtl tenant in each case:

  • ACS URL (Reply URL) – https://{tenantName}.turtl.co/user/login/callback

  • Identifier (Entity ID) – https://{tenantName}.turtl.co

If you are using a custom domain (CNAME), for example https://turtl.mycompany.com, input the following:

Talk to us

Speak to support@turtl.co and provide us with your SSO details. We'll then enter them on our end.

What we need from you:

  • A sign-on URL (an HTTPS endpoint of your identity provider, or IdP) for single sign-on requests, which is available in your IdP configuration.

    For example, if you're using Google's SSO, your IdP URL might look something like this:

    https://accounts.google.com/o/saml2/idp?idpid=A00abc2z1

  • A public X.509 certificate that's used to verify SAML responses.

    For example, your certificate might look something like this:

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

  • User profile e-mail property, which is used to identify the user.

    For example:

    nameID

After connecting both ends, you'll be able to log in with SSO.
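
A pre-flight check for the values above, as an added example that is not Turtl's code: it builds the ACS URL and Entity ID from the tenant name, sanity-checks the three IdP details before they are sent to support, and computes a SHA-256 certificate fingerprint that both sides can compare after the certificate has been entered. The function names, the DNS-label rule for tenant names, the tenant name `acme` and the sample PEM are assumptions; the certificate check is structural only (PEM framing, base64, DER SEQUENCE tag) and does not check expiry or issuer.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----")
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # assumed: one DNS label


def sp_values(tenant_name):
    """ACS URL and Entity ID to enter in the IdP, following the page's pattern."""
    if not LABEL_RE.fullmatch(tenant_name):
        raise ValueError(f"not a valid tenant name: {tenant_name!r}")
    base = f"https://{tenant_name}.turtl.co"
    return {"acs_url": f"{base}/user/login/callback", "entity_id": base}


def cert_fingerprint(pem):
    """SHA-256 fingerprint of the DER bytes inside a single PEM certificate."""
    m = PEM_RE.fullmatch(pem.strip())
    if not m:
        raise ValueError("expected exactly one PEM CERTIFICATE block")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    if not der or der[0] != 0x30:  # DER certificates start with a SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_idp_details(sign_on_url, cert_pem, email_property):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    url = urlparse(sign_on_url)
    if url.scheme != "https" or not url.hostname:
        problems.append("sign-on URL must be an absolute HTTPS URL")
    try:
        cert_fingerprint(cert_pem)
    except ValueError as exc:
        problems.append(f"certificate: {exc}")
    if not email_property.strip():
        problems.append("e-mail property is empty")
    return problems


# Constructed placeholder bytes wrapped as PEM; NOT a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(96))).decode()
              + "-----END CERTIFICATE-----\n")
```

Run `cert_fingerprint` on the certificate file exported from your IdP and keep the result, so you can confirm the same certificate was entered on the other end.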
