Contents x
    How To Set Up SAML SSO on Your Tulip Account
    • 16 Aug 2023
    • 2 Minutes to read
    • Contributors
    • Print
    Contents

    How To Set Up SAML SSO on Your Tulip Account

    • Updated on 16 Aug 2023
    • 2 Minutes to read
    • Contributors
    • Print
    Article Summary

    How To Set Up SAML SSO on Your Tulip Account

    Here's how IT administrators can configure the integration between your IdP and Tulip.

    *Note: If your Tulip account is already using email/password combinations for login, see this separate guide for migrating your account to SAML

    Note

    This feature is only available to "Account Owners" on "Professional" or "Enterprise" plans.*

    Your IT administrator can configure the way that users are defined within Tulip based on SAML attributes.

    This guide will show you how to set up this mapping.

    Two important notes to consider before setting up this mapping:

    1. Review this guide to understand the different types of roles in Tulip.
    2. To understand authorization and authentication methods supported by Tulip, please read this guide
    3. If you would like operators to continue to log in with their badge ID, please speak to your Tulip representative.

    Entering SAML Configuration Into Tulip

    First, alert your Tulip representative that you would like to use SAML SSO. Then, the feature will be enabled on your account.

    You will need to have the "Account Owner" role to set this up. Click your user profile in the top right of the screen, and select "Settings"

    Then, select "SAML" from the list of options on the left.

    From here, you are able to download our Metadata XML file and create the Tulip application in your Identity Provider.

    Next, Tulip can accept a Metadata XML from your provider, or you can manually provide the following:

    • SSO Login URL
    • SSO Logout URL
    • Certificates (in PEM format)

    Setting Up Attribute Mapping

    Next, you will set up the ways that different attributes from SAML connect to Tulip user attributes.

    You must tie each of the following Tulip user fields to a SAML attribute:

    • Name
    • Email
    • Badge ID
    • Role

    Next, you will need to configure Authorization. See this guide for more details.

    Finally, you can configure the login button wording that is presented to users.

    Testing the Configuration

    After you have entered all the integration details, hit the "Save" button at the bottom.

    Then, you can use the "Test SAML Authentication" tool at the top right of the screen to ensure that your setup works correctly.

    When you press the "Authenticate" button, you will be able to attempt to login with any SAML user's credentials.

    Any errors will be shown if the login fails.

    If the login succeeds, all details from that SAML user will be displayed on the right side of the screen.

    Further Reading

    Was this article helpful?
    What's Next
    Platform
    Library
    Products
    Resources
    Existing Users
    Connect With Us
    Contact Sales
    Copyright © Tulip Interfaces. All Rights Reserved