SAML 2.0: AppFollow SSO

Updated 2 weeks ago by Mary Kulikova

AppFollow uses SAML 2.0 Compliant Version to provide Single Sing-On option. AppFollow performs as a service provider (SP), and your internal SSO service as an identity provider (IdP).

How to Set Up

IdP configuration

Configure these parameters in your IdP service:

  1. ACS URL: https://sso.appfollow.io/acs
  2. SP Entity ID: https://sso.appfollow.io/metadata/
  3. RelayState: the email associated with AppFollow owner
  4. Additional SAML attributes configuration:
  • Email: user's email
  • FirstName: user’s first name
  • LastName: user’s last name

After configuring parameters above your SSO-service should generate your IdP URL, IdP Entity ID and x.509 Public Certificate.

I can’t configure RelayState in my SSO-service

If your service doesn’t have a field for RelayState, you might have a field called “Target Url”. You can pass RelayState through it like that: https://sso.appfollow.io?email={{the email associated with AppFollow owner}}

Example of TargetUrl: https://sso.appfollow.io?email=owner@domain.com

Also you need to find in “Advanced settings” the option “Send RelayState without URL encoding” and turn it on.

SP configuration in AppFollow

Save the following parameters in AppFollow SSO settings https://watch.appfollow.io/settings/sso:

  • Entity ID: IdP Entity ID *if your service doesn’t provide IdP Entity ID - than copy the value of IdP URL here*
  • SAML SSO URL: IdP URL that was generated by your SSO service
  • Public Certificate: Your x.509 certificate
You can only get these parameters after setting up your IdP

Need help? Hit the chat button or give us a shout at help@appfollow.io, we're all ears!


How did we do?