SAML2.0 Configuration

Enabling SSO for Currents - manual SAML2.0 configuration

Define the following SAML2.0 configuration on your Identity Provider:

  • Call-back URL / ACS URL: https://auth.currents.dev/saml2/idpresponse

  • Audience / Entity ID: urn:amazon:cognito:sp:us-east-1_Z9TVEnj0k

  • NameID format (nameIdentifierFormat)

    • must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

    • limited to 128 characters

    • the value must be lowercase (see below)

SAML Attribute Mapping

| IdP Attribute | SAML Response Attribute |
| --- | --- |
| Email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| Full Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Username (usually Email) | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/identifier |

  • Prefer sending Email in lowercase, to ensure correct integration

  • Username must match the NameID (Email or Username)

  • Metadata XML must have HTTP-POST and HTTP-Redirect bindings, for example:

<md:SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://sso.jumpcloud.com/saml2/currents"
/>
<md:SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://sso.jumpcloud.com/saml2/currents"
/>
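
A pre-flight check for the requirements above, written as an added example (not Currents' own tooling): it reports which required bindings are missing from an IdP metadata document and which NameID or attribute rules a subject violates. The function names, the sample metadata and `idp.example.com` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

# Constructed sample metadata (idp.example.com is a placeholder): HTTP-Redirect is missing.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml2/currents"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def missing_bindings(metadata_xml):
    """Return the required SingleSignOnService bindings absent from IdP metadata."""
    root = ET.fromstring(metadata_xml)  # your own IdP's export, not untrusted input
    services = root.iterfind(".//md:IDPSSODescriptor/md:SingleSignOnService", MD_NS)
    return sorted(REQUIRED_BINDINGS - {s.get("Binding") for s in services})

def subject_problems(name_id, name_id_format, attributes):
    """Check a NameID and its mapped attributes against the rules on this page."""
    problems = []
    if name_id_format != PERSISTENT:
        problems.append("NameID format is not persistent")
    if len(name_id) > 128:
        problems.append("NameID exceeds 128 characters")
    if name_id != name_id.lower():
        problems.append("NameID is not lowercase")
    if attributes.get(CLAIMS + "identifier") != name_id:
        problems.append("Username (identifier) does not match NameID")
    email = attributes.get(CLAIMS + "emailaddress", "")
    if email != email.lower():
        problems.append("Email is not lowercase")
    return problems

if __name__ == "__main__":
    print(missing_bindings(SAMPLE_METADATA))
    print(subject_problems("User@Example.com", PERSISTENT,
                           {CLAIMS + "identifier": "user@example.com",
                            CLAIMS + "emailaddress": "User@Example.com"}))
```
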

Sharing SAML Configuration

Once you have configured the IdP, contact Currents support via in-app chat or email and provide the following details:

  • IdP metadata XML, or the URL of a publicly available metadata document endpoint

  • List of domains that your organization's members will use to access the dashboard (for example, user@example.com)
