SAML2.0 Configuration

Enabling SSO for Currents - manual SAML2.0 configuration

Define the following SAML2.0 configuration on your Identity Provider:

Call-back URL / ACS URL: https://auth.currents.dev/saml2/idpresponse
Audience / Entity ID: urn:amazon:cognito:sp:us-east-1_Z9TVEnj0k
NameID format (nameIdentifierFormat)
- must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- limited to 128 characters
- the value must be lowercase format (see below)

SAML Attribute Mapping

IdP Attribute

SAML Response Attribute

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Full Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Username (usually Email)

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/identifier

Prefer sending Email in lowercase, to ensure correct integration
Username must match the NameID (Email or Username)
Metadata XML must have HTTP-POST and HTTP-Redirect bindings, for example:

<md:SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://sso.jumpcloud.com/saml2/currents"
/>
<md:SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://sso.jumpcloud.com/saml2/currents"
/>

Once you configured the IdP, contact Currents support via in-app chat or email, and provide the following details:

IdP Metadata or publicly available metadata document endpoint URL
Domains list that your organization members will use to access the dashboard (for example user@example.com)

Currents does not guarantee correct SSO operation when your IdP uses mixed-case format for emails and/or domains. Ensure that your system is either sending lowercase NameID and Email , or be prepared to verify mixed-case users during SSO setup verification.

See Troubleshooting SSO.

PreviousSSO SAML2.0 NextSCIM User Provisioning

Last updated 4 days ago

Was this helpful?