--- title: "SAML impacts on Tulip permissions" slug: "saml-impacts-on-tulip-permissions" updated: 2025-09-24T20:16:24Z published: 2025-09-24T20:16:24Z --- > ## Documentation Index > Fetch the complete documentation index at: https://support.tulip.co/llms.txt > Use this file to discover all available pages before exploring further. # SAML impacts on Tulip permissions Who can use this feature Users on Professional plans and above. After you start using SAML SSO in your Tulip account, the behavior of multiple features will adapt to this new authentication method. Here is how the functionality of different features will change: ## Log In / User Creation When an operator, user or viewer attempts to log in to Tulip or the Player, they will see a screen like this: ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/How%20SAML%20Integrates%20with%20Different%20Tulip%20Features_172144347.png) After they click the button, they will be redirected to a SAML login modal like this: ![](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/How%20SAML%20Integrates%20with%20Different%20Tulip%20Features_172144440.png) Users will only be able to log in with their SAML credentials or Badge ID, depending on your setup in Account Settings. When they log in for the first time, a new user or operator will be created in Tulip with all relevant details from their SAML account. ## Automatic Log Out Tulip supports IdP-initiated logout. So, if you want users to log out of all software services at once via a logout from your identity provider, Tulip will respond to that logout request. ## Edge Devices For SAML instances, the admin can go their user profile page and they would see an "Change Tulip password..." option. They can set up a new password and use that for registering the edge device to their instance. ![image.png](https://cdn.document360.io/7c6ff534-cad3-4fc8-9583-912c4016362f/Images/Documentation/image%28898%29.png) Please talk to your Tulip representative if you would like to use SAML in combination with I/O gateways or Edge IO. ## Compatibility With Other Tulip Features After your organization begins using the SAML integration, you will also be able to use SAML for authentication in these two features: - [Approvals on new versions of apps](https://support.tulip.co/docs/how-to-set-up-approvals-for-your-apps) - [E-signatures from operators within apps](https://support.tulip.co/docs/creating-a-signature-form-step) **Security Assertion Markup Language** **Security Assertion Markup Language** is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. Within Tulip, SAML can be used to authenticate **Users.** **Tulip Player** **Tulip Player** is the Windows/Mac executable program where users can run Tulip apps. Tulip player allows you to create a more seamless user experience by removing the need for a web browser, and allows increased IT controls. **Edge Devices** **Edge Devices** are any hardware intended to connect physical things to the cloud. This can include entirely mechanical devices, older machines without network functionality, PLCs, and more. Tulip sells the **Edge IO** and **Edge MC** that interface directly into **Triggers** in a breeze, but Tulip can also support other Edge Devices.