Note: If your Tulip account is already using email/password combinations for login, see this separate guide for migrating your account to SAML.
Note: This feature is only available to "Account Owners" on "Enterprise" plans.
Your IT administrator can configure the way that users are defined within Tulip based on SAML attributes.
This guide will show you how to set up this mapping.
Two important notes to consider before setting up this mapping:
Review this guide to understand the different types of roles in Tulip.
If you would like operators to continue to log in with their badge ID, please speak to your Tulip representative.
Entering SAML Configuration Into Tulip
First, alert your Tulip representative that you would like to use SAML SSO. Then, the feature will be enabled on your account.
You will need to have the "Account Owner" role to set this up. Click your user profile in the top right of the screen, and select "Settings"
Then, select "SAML" from the list of options on the left.
From here, you are able to download our Metadata XML file and create the Tulip application in your Identity Provider.
Next, Tulip can accept a Metadata XML from your provider, or you can manually provide the following:
SSO Login URL
SSO Logout URL
Certificates (in PEM format)
Setting Up Attribute Mapping
Next, you will set up the ways that different attributes from SAML connect to Tulip user attributes.
You must tie each of the following Tulip user fields to a SAML attribute:
Then, you will enter specific values from the "Role" attribute in SAML, and map them to specific roles in Tulip. It looks like this:
In this example, if the attribute
Role for a user had a value of
admin, when they sign into Tulip they will have Administrator privileges.
Finally, you can configure the login button wording that is presented to users.
Testing the Configuration
After you have entered all the integration details, hit the "Save" button at the bottom.
Then, you can use the "Test SAML Authentication" tool at the top right of the screen to ensure that your setup works correctly.
When you press the "Authenticate" button, you will be able to attempt to login with any SAML user's credentials.
Any errors will be shown if the login fails.
If the login succeeds, all details from that SAML user will be displayed on the right side of the screen.