SAML Setup

SAML (Security Assertion Markup Language) allows your organization to integrate Devici with an external Identity Provider (IdP) to enable Single Sign-On (SSO).

This guide explains where to configure SAML in Devici and how to complete the required setup with your identity provider.


Overview

SAML enables centralized authentication by allowing users to sign in to Devici using their corporate identity provider, such as:

  • Okta
  • Microsoft Entra ID (Azure AD)
  • Other SAML 2.0–compatible providers

SAML configuration is managed by administrators and applies at the organization level.


Accessing SAML Settings

To access SAML configuration:

  1. From the main Devici interface, select the Security icon.
  2. Choose Manage SAML.

The SAML configuration settings will open in the management panel.


SAML Configuration Settings

The following values are required to configure SAML between Devici and your Identity Provider.


Entity ID

The Entity ID is the unique identifier that represents Devici as a Service Provider (SP) to your Identity Provider.

  • This value is generated by Devici
  • Copy the Entity ID from the Devici SAML configuration screen
  • Paste it into the corresponding field in your IdP

ACS URL (Assertion Consumer Service URL)

The ACS URL (also called the Reply URL) is the endpoint where Devici receives authentication assertions from the IdP.

  • Copy the ACS URL provided by Devici
  • Paste it into the IdP SAML configuration
  • The value entered in the IdP must match the ACS URL shown in Devici exactly

Logout Flow

To support SAML logout:

  • Copy the logout URL provided by Devici
  • Add it to the logout configuration in your Identity Provider

This ensures users are logged out consistently across systems.


Metadata

SAML metadata defines how Devici and the IdP communicate.

  • Request the SAML metadata from your Identity Provider
  • Provide the metadata to Devici as either:
      • A metadata URL, or
      • An XML metadata file

This metadata contains certificates, endpoints, and protocol details.


Attribute Mapping

Attribute mapping connects identity provider user fields to Devici user fields.

Common mappings include:

  • Email → email address
  • First name → given name
  • Last name → family name

Mappings must align with the fields provided by your IdP.


Domain Identifiers

To route users directly to your Identity Provider’s login page:

  • Add one or more email domains (1–50 supported)
  • Example:
      • federated_user@company-domain.com
      • Domain: company-domain.com

Users with matching domains will be redirected to your IdP instead of the standard Devici login screen.


IdP-Initiated Sign-In (Optional)

Devici supports Identity Provider (IdP)-initiated sign-in, allowing users to start authentication directly from their IdP portal instead of navigating to the Devici login page.

Availability

IdP-initiated sign-in is not enabled by default.

At this time, this capability must be enabled by Devici Support.

How to Enable

To request IdP-initiated sign-in:

  1. Complete the standard SAML configuration in Devici.
  2. Contact Devici Support via the Support Portal and request enablement of IdP-initiated SAML sign-in for your organization.
  3. Provide the following information:
      • Your organization name
      • Your Identity Provider
      • Confirmation that SAML setup has been completed

Once enabled, Devici will validate the configuration and confirm when IdP-initiated sign-in is active.

Notes and Considerations

  • IdP-initiated sign-in is commonly used for centralized access portals and dashboards.
  • Service Provider (SP)-initiated sign-in (starting from the Devici login page) remains supported.
  • Domain identifiers are still recommended to ensure predictable routing behavior.

If you are unsure whether IdP-initiated sign-in is appropriate for your organization, contact Devici Support for guidance.


Advanced Settings (Optional)

Additional encryption options are available for SAML assertions.

If enabled:

  1. Submit the SAML configuration in Devici.
  2. Download the encryption certificate provided by Devici.
  3. Upload the certificate to your Identity Provider configuration.

This step is optional but recommended for higher security requirements.


Importing Federated Users

After SAML configuration is complete, federated users must be imported into Devici.

To import users:

  1. Export user data from your Identity Provider.
  2. Upload the user list as a CSV file in Devici.

This step creates user accounts tied to federated identities.


Best Practices

  • Ensure attribute mappings match IdP claims exactly
  • Use domain identifiers to streamline login flow
  • Keep metadata and certificates up to date

SAML integration helps centralize identity management while maintaining secure access to Devici.