No results

Single sign-on using SAML

If your organization uses centralized (federated) user identity management you can connect your Identity Provider (IdP) to Papyrs (the Service Provider) for Single Sign-on. Security Assertion Markup Language (SAML) is an open standard supported by all major identity platforms. This includes cloud identity providers such as OneLogin, Auth0, Okta (integration guide), Azure AD, as well as modern on-premise Identity Providers.

SAML based Single Sign-on can be used in addition to – or instead of – regular password-based logins. Papyrs SAML can also be used alongside Google Suite Single Sign-onSlack Single Sign-on, and AD Single Sign-on.

Connect Papyrs with SAML 2.0 to Microsoft Azure AD

Works with Office 365 and with MS Teams.

  1. In the Azure portal, on the left navigation panel, select Azure Active Directory.
  2. Select App Registrations and click New registration
  3. Choose a suitable name (e.g. "Papyrs Connector") and for the redirect URI fill out https://yoursite.papyrs.com/accounts/saml/acs/. Click save
  4. In the new Registration select overview on the left navigation panel and copy the Application (client) ID and Directory (tenant) ID to the form on https://yoursite.papyrs.com/settings/saml/msad/. Save and you're set!


  • Application and Client ID in Azure Portal

Papyrs AD FS with SAML 2.0

Auth0 authentication

Setting up Auth0 single sign-on is very simple. It takes just a few minutes. See screenshots below.
  • First create a new Auth0 application
I named the application "Papyrs connector". Select "Regular web application". You can skip the "quick-start" steps. The defaults are fine for everything.
  • Let's enable "SAML 2 Web app"
  • Replace "yoursite" with your subdomain. Then click "Enable" at the bottom of the dialog.
  • Download the metadata xml
The last step is to upload the metadata XML to Papyrs at https://yoursite.papyrs.com/settings/saml/.

Click "Save SAML connection" and you're all done.

Tip: on your Papyrs Site Settings page you can enable "Allow joining without invitation?" to automatically add Auth0 users to some Papyrs subsites when they log in for the first time.
 
Table of contents