You can use your organization's existing authentication credentials to log in to Synapse. We provide a Single Sign On option using the SAML 2.0 standard.
In order to configure this feature, we need to collect the following SAML configuration parameters:
Email Domain (the part of the email after the '@' sign)
Sign in URL (also called the SSO URL or the Login Redirect URL) - The URL endpoint which processes an authentication request from a user's browser and returns an authentication response to verify the user. This is the page the user will see when they log in using your organization's credentials.
Your organization's SAML metadata file
To connect Synapse, you need to configure your organization's SSO attribute mappings with the following values:
email - Synapse supports and uses the user's e-mail address for authentication. This attribute is typically called 'email' or 'Email' in your organization's system.
firstName
lastName
Synapse SAML Request Bindings (also called the Protocol Bindings):
Empty value ("") or not present -- HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect -- HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST -- HTTP-POST
Synapse does not use Single Logout Endpoint/Single Logout Response Endpoint properties.
During the SSO setup process, Synapse will provide you with the following information:
ACS URL - this is the endpoint which is "listening" for requests from your organization's Identity Provider. In that system's settings it's typically called "Assertion Consumer URL", "Assertion Consumer Service (ACS)" or a "post-back URL".
Entity ID - our unique Service Provider identifier (entity identification, or the issuer)
Synapse will also provide the metadata for your connection through a dedicated URL.
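A pre-flight check an administrator can run on the parameters and request bindings listed above before sending them, as an added example that is not Synapse's own code: it resolves the binding setting as that list describes (an empty or missing value means HTTP-Redirect), reads the matching Sign in URL from the IdP metadata, and reports unmapped attributes. The metadata document, the idp.example.org URLs, the function names and the HTTPS and DOCTYPE checks are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REQUIRED_ATTRIBUTES = {"email", "firstName", "lastName"}

def resolve_binding(value):
    # Empty or absent setting falls back to HTTP-Redirect, as in the list above.
    if value is None or value == "":
        return REDIRECT
    if value in (REDIRECT, POST):
        return value
    raise ValueError(f"unsupported binding: {value!r}")

def sign_in_url(metadata_xml, binding_setting=None):
    """Return (entityID, Sign in URL) for the chosen binding from IdP metadata."""
    if "<!DOCTYPE" in metadata_xml:  # metadata needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE is not allowed in a metadata file")
    root = ET.fromstring(metadata_xml)  # expects a single EntityDescriptor root
    binding = resolve_binding(binding_setting)
    for sso in root.iter(MD + "SingleSignOnService"):
        if sso.get("Binding") == binding:
            url = sso.get("Location", "")
            if urlparse(url).scheme != "https":  # added check, not a page rule
                raise ValueError(f"Sign in URL is not HTTPS: {url}")
            return root.get("entityID"), url
    raise LookupError(f"metadata has no SingleSignOnService for {binding}")

def missing_attributes(mapped_names):
    """Names from the required mapping that the IdP configuration lacks."""
    return sorted(REQUIRED_ATTRIBUTES - set(mapped_names))

# Constructed sample metadata, not taken from any real Identity Provider.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/sso/redirect"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/sso/post"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(sign_in_url(SAMPLE_METADATA))        # binding not set: HTTP-Redirect
    print(sign_in_url(SAMPLE_METADATA, POST))
    print(missing_attributes(["email", "lastName"]))
```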