SAML

SAML Single Sign-On

Configuring SAML SSO for UI Bakery involves two main steps:

Configuring integration in your identity provider;
Configuring SSO in your UI Bakery instance using environment variables.

Configure UI Bakery integration in your identity provider

The configuration process may vary depending on your chosen identity provider, but there are some common considerations to keep in mind.

The sign-on URL is https://YOUR_INSTANCE/api/auth/login/saml
Find or define entityId;
Find Metadata XML.

UI Bakery instance configuration

To enable UI Bakery to use your OpenID provider, set the following environment variables:

UI_BAKERY_SAML_ENABLED=true
UI_BAKERY_SAML_METADATA_URL=https://integration.com/yourapp/metadata.xml
UI_BAKERY_SAML_ENTITY_ID=uibakery
UI_BAKERY_BRANDING_AUTH_SSO_BTN_TEXT=Login with SAML
UI_BAKERY_GLOBAL_SESSION_COOKIE=true

Disabling MFA from UI Bakery

UI Bakery allows you to enable MFA on the UI Bakery level. When enabled, it is required for:

users signing in with email/password
users signing in via SSO (SAML)

But some SSO providers may also enforce their own MFA, so users will have to complete two MFA prompts: from the SSO provider and from UI Bakery. To avoid this and let users complete only their SSO MFA, you need to configure the following variable: UI_BAKERY_SAML_DISABLE_MFA=true.

With this variable set to true:

SSO users will only complete MFA handled by the SSO provider
Email/password users will complete MFA handled by UI Bakery

PreviousToken refresh NextOkta SAML

Last updated 20 days ago

Was this helpful?