How to set up Single Sign-On

Enabling SAML authentication for your organization

Written by Rebecca McDougall
Updated over a week ago

You can use your organization's existing authentication credentials to log in to Synapse. We provide a Single Sign-On (SSO) option using the SAML 2.0 standard.

To configure this feature, we need to collect the following SAML configuration parameters:

  • Email Domain (the part of the email after the '@' sign)

  • Sign in URL (also called the SSO URL or the Login Redirect URL) - The URL endpoint which processes an authentication request from a user's browser and returns an authentication response to verify the user. This is the page the user will see when they log in using your organization's credentials. 

  • Your organization's SAML metadata file

To connect Synapse, you need to configure your organization's SSO attribute mappings with the following values:

  • email - Synapse uses the user's e-mail address for authentication. This attribute is typically called 'email' or 'Email' in your organization's system.

  • firstName

  • lastName

Synapse SAML Request Bindings (also called the Protocol Bindings):

  • Empty value ("") or not present  --  HTTP-Redirect

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect  --  HTTP-Redirect

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST  --  HTTP-POST 

Synapse does not use Single Logout Endpoint/Single Logout Response Endpoint properties.
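
A pre-flight check you can run on your metadata file before sending the parameters, as an added example that is not Synapse's own code. It confirms that the Sign in URL appears in the metadata and resolves its binding with the table above; `preflight`, `SAMPLE_METADATA` and `idp.example.com` are hypothetical names, and the sample metadata is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
BINDINGS = {  # the binding table above: empty or absent means HTTP-Redirect
    None: "HTTP-Redirect",
    "": "HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "HTTP-POST",
}

# Constructed sample metadata; idp.example.com is a placeholder Identity Provider.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def preflight(metadata_xml, sign_in_url):
    """Return (binding resolved by the table above, list of problems found)."""
    # Parse only your own IdP's file here; use a hardened parser for untrusted XML.
    root = ET.fromstring(metadata_xml)
    problems, binding = [], None
    if urlparse(sign_in_url).scheme != "https":
        problems.append("Sign in URL is not https")
    for sso in root.iter(MD + "SingleSignOnService"):
        if sso.get("Location") != sign_in_url:
            continue
        value = sso.get("Binding")
        if value in BINDINGS:
            binding = BINDINGS[value]
            break
        problems.append(f"binding not in the table: {value}")
    if binding is None:
        problems.append("no SingleSignOnService with this Location and a listed binding")
    # General SAML check, not stated on this page: the IdP certificate lives here.
    if root.find(f".//{MD}IDPSSODescriptor/{MD}KeyDescriptor") is None:
        problems.append("metadata has no KeyDescriptor")
    return binding, problems

if __name__ == "__main__":
    print(preflight(SAMPLE_METADATA, "https://idp.example.com/sso"))
```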


During the SSO setup process, Synapse will provide you with the following information:

  • ACS URL - the endpoint which is "listening" for requests from your organization's Identity Provider. In that system's settings it is typically called "Assertion Consumer URL", "Assertion Consumer Service (ACS)" or "post-back URL".

  • Entity ID - our unique Service Provider identifier (entity identification, or the issuer).

Synapse will also provide the metadata for your connection through a dedicated URL.
