You can use your organization's existing authentication credentials to log in to Synapse. We provide a Single Sign On option using the SAML 2.0 standard.
In order to configure this feature, we need to collect the following SAML configuration parameters:
- Email Domain (the part of the email after the '@' sign)
- Sign in URL (also called the SSO URL or the Login Redirect URL) - The URL endpoint which processes an authentication request from a user's browser and returns an authentication response to verify the user. This is the page the user will see when they log in using your organization's credentials.
- Your organization's SAML metadata file
To connect Synapse, you need to configure your organization's SSO attribute mappings with the following values:
- email - Synapse uses the user's email address for authentication. This attribute is typically called 'email' or 'Email' in your organization's system.
- firstName
- lastName
- jobTitle
Synapse SAML Request Bindings (also called the Protocol Bindings):
- Empty value ("") or not present -- HTTP-Redirect
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect -- HTTP-Redirect
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST -- HTTP-POST
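A pre-flight check you can run on your own metadata file before sending it, shown as an added example (not Synapse code): it confirms that the Sign in URL you plan to submit appears in the metadata and that its binding is one of the values listed above. It assumes the binding of your IdP's SingleSignOnService entry is the value that must match this list; the HTTPS check, the function names and the idp.example.com sample metadata are also assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Binding values listed on this page; empty or absent means HTTP-Redirect.
BINDINGS = {"": "HTTP-Redirect", REDIRECT: "HTTP-Redirect", POST: "HTTP-POST"}

# Constructed sample IdP metadata (idp.example.com is a placeholder).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso/redirect"/>
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.com/sso/post"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com/sso/soap"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sso_endpoints(metadata_xml):
    """Return {Location: Binding} for every SingleSignOnService in the metadata."""
    root = ET.fromstring(metadata_xml)  # parse only your own organization's file here
    return {
        el.get("Location"): el.get("Binding", "")
        for el in root.iter(f"{MD}SingleSignOnService")
    }


def check_sign_in_url(metadata_xml, sign_in_url):
    """Return (binding_name, problems) for the Sign in URL you plan to submit."""
    problems = []
    # Added check (assumption): the page does not state an HTTPS requirement.
    if urlsplit(sign_in_url).scheme != "https":
        problems.append("sign-in URL is not HTTPS")
    endpoints = sso_endpoints(metadata_xml)
    if sign_in_url not in endpoints:
        problems.append("sign-in URL is not a SingleSignOnService Location in the metadata")
        return None, problems
    binding = BINDINGS.get(endpoints[sign_in_url])
    if binding is None:
        problems.append(f"unsupported binding: {endpoints[sign_in_url]}")
    return binding, problems


if __name__ == "__main__":
    for url in ("https://idp.example.com/sso/post", "https://idp.example.com/sso/soap"):
        print(url, check_sign_in_url(SAMPLE_METADATA, url))
```

An empty problem list means the URL and binding are consistent with the metadata; any entry in the list is worth resolving before you submit the parameters.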
Synapse does not use Single Logout Endpoint/Single Logout Response Endpoint properties.
During the SSO setup process, Synapse will provide you with the following information:
- ACS URL - The endpoint which is "listening" for requests from your organization's Identity Provider. In that system's settings it's typically called "Assertion Consumer URL", "Assertion Consumer Service (ACS)" or a "post-back URL".
- Entity ID - Our unique Service Provider identifier (entity identification, or the issuer).
Synapse will also provide the metadata for your connection through a dedicated URL.