From 7a08da944272e2f61d5d143f22358977d242c851 Mon Sep 17 00:00:00 2001 From: Henning Perl Date: Tue, 10 Dec 2024 13:54:05 +0100 Subject: [PATCH] document native SAML --- docs/kratos/organizations/organizations.mdx | 43 +++++++++++++++------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index a8b994750..bd46eb045 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx 
@@ -247,28 +247,47 @@ organization. ## SAML SAML (Security Assertion Markup Language) is an XML-based open standard used for exchanging authentication and authorization data -between parties. -The SAML integration in Ory Network uses the B2B Organization feature. +between parties. The SAML integration in Ory Network uses the B2B Organization feature. -This guide will walk you through the steps required to set up SAML Single Sign-On (SSO) with Ory Network using BoxyHQ as your SAML -provider. +### SAML via Ory Network -### Prerequisites +This guide will walk you through the steps required to set up SAML Single Sign-On (SSO) with Ory Network. -Before proceeding, ensure you have the following: +#### Prerequisites -- Access to [Ory Network](https://console.ory.sh/) -- An active account with [BoxyHQ](https://app.eu.boxyhq.com/auth/join) -- [Ory CLI](../../guides/cli/installation) +Before proceeding, ensure you are on a plan that supports SAML SSO. SAML is available exclusively on select Enterprise plans. +[Contact us](https://www.ory.sh/contact/) if you need SAML support. + +1. Go to to create an organization. +2. Select "Add a new Enterprise SAML SSO connection" and follow the instructions to configure the SAML connection. Fill out the + following form fields: + + - **Label**: A descriptive name for the SAML connection. This will be displayed to users. + - **Data mapping**: A mapping from the SAML attributes to Ory's identity schema. + - **Raw IDP metadata XML**: The XML metadata file from your SAML Identity Provider (IdP). + +3. Navigate to your login screen to test the SAML connection. + +The SAML application callback URL to set at our SAML Identity Provider is: `https://api.console.ory.sh/saml/api/oauth/saml` + +### SAML via BoxyHQ :::note -If you need help with the integration or have any questions, please open a [support ticket](https://console.ory.sh/support) or -reach out to support@ory.sh. 
+Before Ory Network had native SAML support, BoxyHQ was the recommended way to set up SAML SSO. The integration is still supported, +although we recommend using the native SAML support in Ory Network for new projects. ::: -### Configuration +#### Prerequisites + +Before proceeding, ensure you have the following: + +- Access to [Ory Network](https://console.ory.sh/) +- An active account with [BoxyHQ](https://app.eu.boxyhq.com/auth/join) +- [Ory CLI](../../guides/cli/installation) + +#### Configuration To set up the integration, you'll need to get your Ory Network session token:
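Review bot: In the new "SAML via Ory Network" section, step 1 reads "Go to to create an organization." with nothing between "Go to" and "to create", so the reader has no destination; add the Console page or link there. In the same section the numbered setup steps sit under "#### Prerequisites"; consider keeping only the plan requirement under that heading and moving steps 1 to 3 under a "#### Configuration" heading, as the BoxyHQ section does. The callback sentence says "to set at our SAML Identity Provider", which should read "your SAML Identity Provider". For the "Raw IDP metadata XML" field, it is worth stating that the metadata should be obtained from the IdP over a trusted channel, since it carries the IdP's signing certificate. For "Data mapping", a sample mapping would show readers which SAML attribute feeds which identity trait.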