This article is also available in:
For the Academy, SAML will only work with our previous interface, not the current version. If you'd like SAML for the Academy, contact support so they can place you on the correct version.

Click on the icon Apps in the admin console
Click the rightmost icon, that specifies the current amount of SAML apps
Click on the yellow plus sign at the bottom right of the screen
Copy the SSO Url (format:<code>)
Copy the Entity ID (format:<code>)
Download the Certificate, and copy the contents - remove the first and last lines (the lines with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
Click Next
Specify an application name and optionally a description
Optionally: Upload a logo (256px x 256px)
Click Next
Set the ACS URL to the location of your academy, and add "/login" e.g.<academy>/login
Set the Entity ID, and copy it for later use.
Click Next
Click Add new mapping
Add the attribute Email, category Basic Information, user field Primary Email
Click Add new mapping
Add the attribute FirstName, category Basic Information, user field FirstName, Click Add new mapping
Add the attribute LastName, category Basic Information, user field LastName
Click Finish and Ok
Now the status of the app is OFF for everyone. To correct that, click the three dots at the top right
Select ON for everyone and confirm

It will take approximately 24 hours before this is enabled for all accounts present. Until then, the app cannot be tested.
Log in at with your admin account
Click your avatar at the top right of the screen and select advanced setup from the drop-down
Select the rightmost tab, SAML Settings
Enable the sso method (slide to right, color changes to green)
Provide the title. The title should be the same as the Entity ID, as set at step 12
Provide the SSO Url (as provided at step 4)
Provide the Entity ID (as provided at step 5)
Provide the certificate contents (as obtained at step 6)
Provide the same certificate as a backup certificate (for now, as the field is at present required when it should be optional. You can also get a real backup certificate from the Security->set up single sign-on section in the gsuite administration. This extra certificate kan be used to rollover from one certificate to the next without downtime)
Make sure that the CAS and Azure/Okta tabs are disabled (the enabled buttons should be red)
Click Save
Congratulations! People can now log in when navigating to the academy login and through the SAML app icon that is added to the accounts of your users
Was this article helpful?
Thank you!