Skip to main content

Setting up SAML Authentication for Adaptive Applications

Adaptive supports configuring your account to leverage SAML authentication across both the Employee Training App and Admin Portal

Updated over a week ago

Before You Start

Review our general User (Admin & Employee) Authentication documentation for more details.

To set up SAML authentication, navigate to your Adaptive Admin account and select 'Settings' from the navigation, the select the 'Authentication' tab at the top of the page.

Setting up SAML for both the Employee Training App and Admin Portal will require you to set up two SAML connections in you third party IdP

Setup Processes by Provider

  1. Okta

  2. Microsoft

  3. Google

  4. Ping Identity

  5. Generic Setup Process

File:Okta logo (2023).svg - Wikimedia Commons

Okta Setup Process

Employee Training App

Setting up Okta SAML for the Employee Training app is done in conjunction with the Okta SCIM setup. You can find instructions here.

  • If you are looking to set up Employee Training App Okta SAML without Okta SCIM, follow the instructions above and stop after the Okta SAML section.

Admin Portal / App

Create Okta SAML 2.0 App Integration

As an Okta administrator, log into the Okta admin console (e.g. https://dundermifflin.okta.com/) and navigate to the ‘Applications’ tab (under the Applications section) in the left hand menu.

Click "Create App Integration" and Check the "SAML 2.0" radio button, then click "Next"

On Step 1 (‘General Settings’), set the following values before clicking ‘Next’:

  • App Name: Adaptive Admin Portal SAML

  • App logo (optional): Adaptive logo

  • App visibility: Choose if you want to display to users or not

'Configure' SAML step (step 2)

1. In your Adaptive Admin account, navigate to the Settings page and select the 'Authentication' tab. Scroll to the Admin App section of the page and select the '+ Add Option' button to begin the SAML setup process.

Reminder: These instructions enable authentication to our Admin Application at https://admin.adaptivesecurity.com/login

2. Complete the following steps:

  • Copy the Reply URL (Assertion Consumer Service URL) from Adaptive and enter that into the Sign-on URL field in Okta

  • Copy the SP Entity ID URL from Adaptive and enter that into the Audience URI (SP Entity ID) field in Okta

3. Scroll to the bottom of the page and click 'Next'. On the following step, click 'Finish'

4. Once you've clicked finish you will be taken to the 'Sign On' section. Complete the following steps:

  • In the SAML 2.0 section, click 'More Details' to expand the section

  • Copy the 'Sign on URL' from Okta and paste that into the Login URL field in Adaptive

  • Copy the 'Issuer' URL from Okta and past that into the IDP Entity ID field in Adaptive

  • Copy the 'Signing Certificate' from Okta and paste that into the Verification Certificate field in Adaptive

When copying the cert, INCLUDE the ----BEGIN CERTIFICATE----- and ----END CERTIFICATE---- when pasting into the Verification Certificate field

  • Press 'Save' in the bottom right hand corner of the Adaptive SAML setup modal

Microsoft centered Logo PNG Transparent & SVG Vector - Freebie Supply

Microsoft Setup Process

1. Log into Microsoft Azure and navigate to 'Enterprise Application'. Select the New Application option

2. Choose to create you own application and name the application Adaptive Security SAML (Training App) or Adaptive Security SAML (Admin App then select the option that reads Integrate any other application you don't find in the gallery

3. From the overview page, select 2. Set up single sign on and then choose SAML from the 'Select a single sign-on method' options

4. In your Adaptive Admin account, navigate to the Settings page and select the 'Authentication' tab. Select the '+ Add Option' button in the appropriate section (Admin App or Employee Training App). Select SAML2 from the option modal

  • As a reminder, if you want to set up SAML for both the Admin App and the Employee Training App you will need to create 2 applications in your Microsoft account (step 2 above)

5. Back in Microsoft, click the 'Edit' option in the Basic SAML configuration section and complete the following steps:

  • In the Identifier (Entity ID) section, click 'Add identifier' and copy the Entity ID URL from Adaptive into Microsoft Azure.

  • In the Reply URL (Assertion Consumer Service URL) section, click 'Add reply URL' and copy the Reply URL from Adaptive into Microsoft Azure

  • If you want your users to be able to log in directly from a Microsoft property (like Entra or O365), leave the "Sign-on URL (Optional)" field blank

  • Click 'Save'

6. In Microsoft Azure, scroll to the SAML Certificates section and complete the following steps:

  • Download the Certificate (Base64) file and open it in a text editor. Copy the contents into the Verification Certificate section in Adaptive

When copying the cert, INCLUDE the ----BEGIN CERTIFICATE----- and ----END CERTIFICATE---- when pasting into the Verification Certificate field

7. In Microsoft Azure, scroll to the Set up Adaptive Security SAML (Training App) section and complete the following steps:

  • Copy the 'Login URL' value and paste that into Login URL field in Adaptive

  • Copy the 'Microsoft Entra Identifier' URL and paste that into the IDP Entity ID field in Adaptive

  • Click 'Save' in the bottom right corner of the setup modal

8. In Microsoft Azure, navigate to the 'Users and Groups' section in the menu of the Application and select which employees your want to add to the application. Only users added to the app in Microsoft Azure will be able to successfully log in to Adaptive via Microsoft SAML.

Google logo - Wikipedia

Google Setup Process

1. Log into you admin.google.com account and under the 'Apps' section in the navigation, select 'Web and mobile apps'

2. Open the 'Add app' dropdown and select 'Add custom SAML app'

3. Name the app relative to which Adaptive web app you are configuring SAML (e.g. 'Adaptive Admin Portal SAML' or 'Adaptive Employee Training App SAML' and click 'Continue'

  • Reminder: if you want to configure SAML for both admins and employees you need to add two custom SAML apps. More details here

4. In a separate tab, navigate to the 'Settings' page in your Adaptive Admin account and select the 'Authentication' tab at the top of the page

5. Click the '+ Add Option' in the section you are configuring SAML authentication for -- either the Admin Portal or the Employee Training App. Select the SAML2 option from the authentication option modal and click continue

6. Back on the tab where you were creating your Google SAML app, copy the details from the 'Google Identity Provider Details (Step 2)' and paste them into the Adaptive setup page:

Google Field to Copy

Paste into Adaptive Field

Notes

SSO URL

Login URL

Entity ID

IDP Entity ID

Certificate

Verification Certificate

Please ensure to include the ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- portions when copying into Adaptive

7. Click 'Continue' in Google and then copy the details from the Adaptive setup page and paste them into the fields on the 'Service provider details (Step 3)' page in Google:

Adaptive Field to Copy

Paste into Google Field

Notes

Reply URL (Assertion Consumer Service URL)

ACS URL

SP Entity ID

Entity ID

  • Name ID format can remain set to 'UNSPECIFIED' and Name ID should be set to 'Basic Information > Primary email'

8. Click 'Save' on the setup modal in Adaptive.

9. On the 'Attribute mapping (step 4)' page in Google, click 'Add Mapping' and set the following values before clicking 'Finish'.

10. The app defaults to 'OFF for everyone'. To ensure users will be able to sign in with this mechanism, click on the 'User access' section from the application page. From here, you can choose to make the app ON for everyone or configure the app for specific Google groups.

In order to access Adaptive, employee must have access to the Google SAML application AND have an active employee record in Adaptive. If you turn the application ON for everyone, only users with active employee records in Adaptive will be able to use it to log in to our product.

11. Navigate to the appropriate log in page (https://admin.adaptivesecurity.com/login or https://app.adaptivesecurity.com/login) and test the authentication method.

We only recommend removing previously enabled authentication options AFTER you have successfully tested the new authentication option.

Identity Security for the Digital Enterprise | Ping Identity

Ping Identity Setup Process

  1. Under Applications, click the “+” button to add a new application.

    1. Select “SAML Application” as the Application type.

  2. Select “Manually Enter” in the SAML configuration step, then copy the following fields from Adaptive into Ping

    1. Copy the SP Entity ID from Adaptive into the Entity ID field in Ping

    2. Copy the Reply URL (Assertion Consumer Service URL) in Adaptive into the ACS URL field in Ping

  3. Copy the following fields from Ping into Adaptive:

    1. Copy the Issuer ID from Ping into the IDP Entity ID field in Adaptive

    2. Copy the Initiate Single Sign-On URL from Ping into the Login URL field in Adaptive

    3. Download the Signing Certificate in Ping as a .crt file. Copy the entire contents of the certificate into the Verification Certificate field in Adaptive.

  4. In Ping, go to the “Attribute Mappings” tab. Change saml_subject to map to Email Address instead of User ID

  5. Enable the application in Ping by clicking this toggle button:

Generic Setup Process

Use this guide to configure SAML 2.0 single sign-on (SSO) with any identity provider (IdP) that supports the SAML 2.0 protocol. This setup allows your users to authenticate with Adaptive using your external IdP.

Before You Start

Make sure you have:

  • Administrator access to your SAML-compliant IdP

  • Access to your Adaptive Admin Portal

  • A valid X.509 signing certificate from your IdP

Step 1: Open the SAML Configuration Page in Adaptive

  1. In your Adaptive Admin account, navigate to the Settings page and select the 'Authentication' tab.

  2. Select the '+ Add Option' button in the appropriate section (Admin App or Employee Training App). Select SAML2 from the option modal

    • As a reminder, if you want to set up SAML for both the Admin App and the Employee Training App you will need to set up a SAML connection in each section as they have different Entity IDs and Reply URLs

  3. From the configuration modal in Adaptive, copy the following values into your IdP’s SAML app configuration:

    1. SP Entity ID: This acts as the Audience URI in most IdPs.

      1. Example: https://admin-api.adaptivesecurity.com/saml2/service-provider-metadata/[your-unique-id]

    2. Reply URL (Assertion Consumer Service URL): This is also referred to as the ACS URL or Single Sign-On URL.

      1. Example: https://admin-api.adaptivesecurity.com/login/saml2/sso/[your-unique-id]

These values are specific to your instance. Copy and paste them exactly as shown in your admin dashboard.

Step 2: Configure Your Identity Provider

  1. In your IdP’s SAML application:

    1. Audience URI / Entity ID → Use the SP Entity ID

    2. ACS URL / Reply URL / SSO URL → Use the Reply URL

    3. Binding method → Select HTTP-POST if applicable

    4. NameID format → Use emailAddress

Step 3: Complete the SAML Setup in Adaptive + Test

1. Back in Adaptive, enter the following values from your IdP:

  • IDP Entity ID; Also called the Issuer, typically a URL identifying your IdP.

  • Login URL; The URL Adaptive should redirect users to for authentication.

  • Verification Certificate: Paste your IdP’s X.509 certificate, including the full header and footer:

-----BEGIN CERTIFICATE-----
(Your certificate content)
-----END CERTIFICATE-----

2. Click Save.

3. Log out and return to the login page for the application you configured (either https://app.adaptivesecurity.com/login or https://admin.adaptivesecurity.com/login

4. Enter your email and click Continue with Company Login (note: you must have a user record in the application you are trying to log in to)

JumpCloud Setup Process

Coming Soon

Did this answer your question?