How To Set Up SAML SSO on Your Tulip Account
  • 16 Aug 2023
  • 2 Minutes to read
  • Contributors

How To Set Up SAML SSO on Your Tulip Account

Article Summary

How To Set Up SAML SSO on Your Tulip Account

Here's how IT administrators can configure the integration between your IdP and Tulip.

*Note: If your Tulip account is already using email/password combinations for login, see this separate guide for migrating your account to SAML


This feature is only available to "Account Owners" on "Professional" or "Enterprise" plans.*

Your IT administrator can configure the way that users are defined within Tulip based on SAML attributes.

This guide will show you how to set up this mapping.

Two important notes to consider before setting up this mapping:

  1. Review this guide to understand the different types of roles in Tulip.
  2. To understand authorization and authentication methods supported by Tulip, please read this guide
  3. If you would like operators to continue to log in with their badge ID, please speak to your Tulip representative.

Entering SAML Configuration Into Tulip

First, alert your Tulip representative that you would like to use SAML SSO. Then, the feature will be enabled on your account.

You will need to have the "Account Owner" role to set this up. Click your user profile in the top right of the screen, and select "Settings"

Then, select "SAML" from the list of options on the left.

From here, you are able to download our Metadata XML file and create the Tulip application in your Identity Provider.

Next, Tulip can accept a Metadata XML from your provider, or you can manually provide the following:

  • SSO Login URL
  • SSO Logout URL
  • Certificates (in PEM format)

Setting Up Attribute Mapping

Next, you will set up the ways that different attributes from SAML connect to Tulip user attributes.

You must tie each of the following Tulip user fields to a SAML attribute:

  • Name
  • Email
  • Badge ID
  • Role

Next, you will need to configure Authorization. See this guide for more details.

Finally, you can configure the login button wording that is presented to users.

Testing the Configuration

After you have entered all the integration details, hit the "Save" button at the bottom.

Then, you can use the "Test SAML Authentication" tool at the top right of the screen to ensure that your setup works correctly.

When you press the "Authenticate" button, you will be able to attempt to login with any SAML user's credentials.

Any errors will be shown if the login fails.

If the login succeeds, all details from that SAML user will be displayed on the right side of the screen.

Further Reading

Was this article helpful?