Single Sign-on (SSO)

Overview

Supermetal supports SAML 2.0-based Single Sign-on (SSO) for enterprise authentication. SSO allows organizations to:

  • Manage user access to Supermetal through their existing identity provider
  • Enforce consistent security policies across applications
  • Enable multi-factor authentication through their identity provider

Supported Identity Providers

Supermetal supports SAML 2.0 integration with any identity provider, including:

Configuration Process

To set up SSO with Supermetal, you configure both your identity provider and the Supermetal Web Console. The following settings are common to every provider:

Supermetal Service Provider Details

Provide these values to your identity provider:

Setting                     Value
ACS URL / Callback URL      https://console.supermetal.io/saml/callback
Entity ID / Audience URI    https://console.supermetal.io
Start URL / Sign-on URL     https://console.supermetal.io/login
Name ID Format              Email Address

Identity Provider Details

You'll need to gather these values from your identity provider to configure Supermetal:

Setting              Description
SAML SSO URL         The endpoint where Supermetal will send authentication requests
SAML Entity ID       The unique identifier for your identity provider
X.509 Certificate    The certificate to verify SAML responses

Provider Configuration

Google Workspace

Prerequisites

  • Super Admin access to your Google Workspace account
  • Administrator access to Supermetal

Google Workspace Configuration

  1. In your Google Admin console, go to Apps > Web and mobile apps > Add App > Search for SAML app.
  2. Select Add custom SAML app.
  3. Provide a name for the application (e.g., "Supermetal") and optionally upload the Supermetal logo.
  4. On the Service provider details screen, enter the Supermetal service provider details from the table above.
  5. For Name ID Format, select EMAIL.
  6. For Name ID, select Basic Information > Primary email.
  7. Download the SSO URL and certificate from Google Workspace.
  8. Assign the application to the appropriate users or organizational units.

Supermetal Configuration

  1. In the Supermetal Web Console, navigate to Account Settings > Authentication > Configure SSO.
  2. Enter the details from Google Workspace:
    • SAML SSO URL: The URL provided by Google
    • SAML Entity ID: The Entity ID provided by Google
    • X.509 Certificate: The certificate downloaded from Google
  3. Save the configuration.

Microsoft Entra ID

Prerequisites

  • Global Administrator access to your Microsoft Entra ID
  • Administrator access to Supermetal

Microsoft Entra ID Configuration

  1. In the Microsoft Entra admin center, go to Enterprise applications > New application.
  2. Select Create your own application.
  3. Enter a name for the application (e.g., "Supermetal"), select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.
  4. Under Set up single sign-on, select SAML.
  5. In the Basic SAML Configuration section, enter the Supermetal service provider details from the table above.
  6. In the User Attributes & Claims section, ensure that the NameID claim is set to user.mail or user.userprincipalname.
  7. Download the Federation Metadata XML file or note the Login URL, Azure AD Identifier, and Logout URL.
  8. Download the Certificate (Base64) from the SAML Signing Certificate section.
  9. Assign users and groups to the application.

Supermetal Configuration

  1. In the Supermetal Web Console, navigate to Account Settings > Authentication > Configure SSO.
  2. Enter the details from Entra ID:
    • SAML SSO URL: The Login URL from Entra ID
    • SAML Entity ID: The Azure AD Identifier
    • X.509 Certificate: The Base64 certificate downloaded from Entra ID
  3. Save the configuration.

Okta

Prerequisites

  • Administrator access to your Okta account
  • Administrator access to Supermetal

Okta Configuration

  1. In your Okta Admin Dashboard, go to Applications > Applications.
  2. Click Add Application > Create New App.
  3. Select Web as the platform and SAML 2.0 as the sign-on method.
  4. Enter a name for the application (e.g., "Supermetal").
  5. In the SAML Settings section, enter the Supermetal service provider details from the table above.
  6. For Name ID format, select EmailAddress.
  7. For Application username, select Email.
  8. Configure any additional attributes if needed.
  9. After saving, go to the Sign On tab of the application and click View Setup Instructions.
  10. Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and download the X.509 Certificate.
  11. Assign users to the application.

Supermetal Configuration

  1. In the Supermetal Web Console, navigate to Account Settings > Authentication > Configure SSO.
  2. Enter the details from Okta:
    • SAML SSO URL: The Identity Provider Single Sign-On URL from Okta
    • SAML Entity ID: The Identity Provider Issuer from Okta
    • X.509 Certificate: The X.509 Certificate downloaded from Okta
  3. Save the configuration.

Testing and Enabling SSO

After configuring SSO with your identity provider:

  1. In the Supermetal Web Console, navigate to Account Settings > Authentication > SSO Settings.
  2. Click Test Configuration to verify the integration works properly.
  3. Once testing is successful, enable SSO for your organization by selecting the appropriate option:
    • SSO Optional: Users can sign in with either SSO or username/password
    • SSO Required: All users must authenticate using SSO
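
An added diagnostic, not Supermetal code, for troubleshooting a test sign-in: it compares a decoded SAML response (for example, one captured from your own browser session) with the service provider values listed earlier on this page and with the SAML Entity ID you entered. The sample response, the idp.example.com entity ID and the function names are constructed for illustration, and the check does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service provider values from the table on this page.
ACS_URL = "https://console.supermetal.io/saml/callback"
AUDIENCE = "https://console.supermetal.io"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def sample_response(destination=ACS_URL, audience=AUDIENCE, name_format=EMAIL_FORMAT):
    """Constructed, unsigned response for illustration; all IdP values are made up."""
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{destination}">
  <a:Assertion>
    <a:Issuer>https://idp.example.com/entity</a:Issuer>
    <a:Subject>
      <a:NameID Format="{name_format}">alice@example.com</a:NameID>
      <a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <a:SubjectConfirmationData Recipient="{destination}"/>
      </a:SubjectConfirmation>
    </a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>{audience}</a:Audience>
    </a:AudienceRestriction></a:Conditions>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, idp_entity_id):
    """Return a list of mismatches between the response and the configured settings."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    attr = lambda node, name: node.get(name) if node is not None else None
    name_id = assertion.find("a:Subject/a:NameID", NS)
    confirm = assertion.find(".//a:SubjectConfirmationData", NS)
    issuer = assertion.findtext("a:Issuer", default="", namespaces=NS).strip()
    audiences = [(n.text or "").strip() for n in assertion.findall(".//a:Audience", NS)]
    checks = [
        ("Destination", root.get("Destination"), ACS_URL),
        ("Recipient", attr(confirm, "Recipient"), ACS_URL),
        ("Issuer", issuer, idp_entity_id),
        ("NameID Format", attr(name_id, "Format"), EMAIL_FORMAT),
    ]
    problems = [f"{k}: got {got!r}, expected {want!r}" for k, got, want in checks if got != want]
    if AUDIENCE not in audiences:  # exact match: a trailing slash counts as a mismatch
        problems.append(f"Audience: got {audiences!r}, expected {AUDIENCE!r}")
    return problems
```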
