Top Feature SAML – Single sign-on - SafePaaS

Top Feature SAML – Single sign-on

SAML Single sign-on

Our customers are enabling thousands of users to access SafePaaS self-service security and control monitoring services using SAML enabled single sign-on (SSO) from multiple devices using a single ID.

This takes just minutes to set up and makes end-user management much more efficient.

SafePaaS Identity uses the XML-based Security Assertion Markup Language (SAML) protocol for single sign-on into SafePaaS from a corporate portal or identity provider. With SAML, you can transfer user information between services, such as from SafePaaS to Microsoft 365.

Configure an Azure AD Authentication Provider

Configure Microsoft Azure Active Directory (AD) as an authentication provider to let users log in to your SafePaaS using their Azure AD credentials. The Azure application allows your users to use their Azure AD credentials to log in to a SafePaaS company. Log in to Microsoft Azure. On the left panel, select Azure Active Directory.

Azure Active Directory Single Sign On

To register a new application, click “Enterprise applications” on the left panel and click “New application”.

SAML Single Sign-on
SAML Single sign-on

Select “Non-gallery application”.

SAML Single sign-on

Enter an application name and click “Add”.

SAML Single sign-on

Assign the users that will be able to login SafePaaS clicking “Assign users and groups”.

SAML Single sign-on

For SAML configuration, click “Set up single sign on” and click “SAML”.

SAML Single sign-on
SAML Single sign-on

Fill the following in “Basic SAML Configuration”:

  • “Identifier (Entity ID)”: https://*****.safepaas.com
  • “Reply URL (Assertion Consumer Service URL)”: https://*****.safepaas.com/monitor/ferm.saml_sso

Add the “Company” attribute with the company code of SafePaaS in “User Attributes & Claims”.

Download the “Certificate (Base64)” in “SAML Signing Certificate”.

Copy the “Login URL”, “Azure AD Identifier” and the “Logout URL”.

Click on “Properties” in the left panel and copy the “User access URL”.

SAML Single sign-on

Create an Azure Authentication Provider in SafePaaS

Setup its SAML values in SafePaaS:

Go to Administration > Company Settings > Manage Company > SAML


SAML Single sign-on
  1. Enable “SAML 2.0”.
  2. Upload the certificate that you downloaded from Azure.
  3. Select “SHA-256” in “SAML Signature Algorithm”.
  4. Fill “User Access URL” with “User Access URL” from Azure.
  5. Fill “Issuer URL” with “Login URL” from Azure.
  6. Fill “SAML 2.0 Endpoint (HTTP)” with “Azure AD Identifier” from Azure.
  7. Fill “SLO Endpoint (HTTP)” with “Logout URL” from Azure.
  8. Click “Apply Changes” button.
Go to Administration > Company Settings > Users and create the users with the same email of Azure users.


Test SafePaaS Connection with Azure SSO

Login to Azure Portal. Go to Enterprise applications > Search SafePaaS app > Single sign-on > Test this application.


SAML Single sign-on

Click “Sign in as current user” and you will be redirected to SafePaaS home page.

You can also login directly to SafePaaS application using your Azure user and password.