SAML2.0 Configuration
Enabling SSO for Currents - manual SAML2.0 configuration
Define the following SAML2.0 configuration on your Identity Provider:
Call-back URL / ACS URL:
https://auth.currents.dev/saml2/idpresponse
Audience / Entity ID:
urn:amazon:cognito:sp:us-east-1_Z9TVEnj0k
NameID:
format (nameIdentifierFormat) must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
limited to 128 characters
the value must be in lowercase (see below)
SAML Attribute Mapping
Email:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Full Name:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Username (usually Email):
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/identifier
Prefer sending Email in lowercase, to ensure correct integration.
Username must match the NameID (Email or Username).
Metadata XML must have HTTP-POST and HTTP-Redirect bindings, for example:
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://sso.jumpcloud.com/saml2/currents"
/>
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://sso.jumpcloud.com/saml2/currents"
/>
Sharing SAML Configuration
Once you have configured the IdP, contact Currents support via in-app chat or email and provide the following details:
IdP Metadata or publicly available metadata document endpoint URL
List of domains that your organization members will use to access the dashboard (for example user@example.com)
Currents does not guarantee correct SSO operation when your IdP uses mixed-case format for emails and/or domains. Ensure that your system is either sending lowercase NameID and Email, or be prepared to verify mixed-case users during SSO setup verification.
See Troubleshooting SSO.
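An added example (not part of the Currents documentation): a pre-flight check, using only the Python standard library, that IdP metadata declares both required bindings and that a user's NameID meets the constraints listed above. The function names, the exact-match reading of "must match", and the sample metadata (idp.example.com) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SSO_TAG = "{urn:oasis:names:tc:SAML:2.0:metadata}SingleSignOnService"
REQUIRED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def missing_bindings(metadata_xml):
    """Return the required SSO bindings that the IdP metadata does not declare."""
    # Metadata exported from your own IdP is treated as trusted input here;
    # use a hardened parser (e.g. defusedxml) for documents from other sources.
    found = {el.get("Binding") for el in ET.fromstring(metadata_xml).iter(SSO_TAG)}
    return REQUIRED_BINDINGS - found


def nameid_problems(value, name_format, username):
    """Check one user's NameID against the constraints listed on this page."""
    checks = [
        (name_format != PERSISTENT, "format is not persistent"),
        (len(value) > 128, "longer than 128 characters"),
        (value != value.lower(), "contains uppercase characters"),
        # Assumption: "must match" is read as an exact string comparison.
        (value != username, "does not match the Username attribute"),
    ]
    return [message for failed, message in checks if failed]


# Constructed sample metadata: only the HTTP-POST binding is declared.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml2/currents"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    print("missing bindings:", sorted(missing_bindings(SAMPLE_METADATA)))
    print("NameID issues:", nameid_problems(
        "Jane.Doe@Example.com", PERSISTENT, "jane.doe@example.com"))
```

Run it against the metadata document and a sample of real NameID values before sending the configuration to Currents support.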