Forestry supports SAML as a single sign-on solution. Multiple identity providers can be set up and enabled concurrently, allowing for easy certificate rotation.
Supported Identity Providers
- Ping Identity
- Azure Active Directory
Other identity providers can be configured; however, official setup guides are not yet available.
- Teams (for Cloud Enterprise, as a list of TeamIDs)
- Memberships (for Private Enterprise, in the format of OrganizationID/TeamID)
MemberOf are not used by Forestry but may still be sent.
The NameID format used by Forestry is
Debugging mode, useful when configuring a new identity provider, shows extended error messages and parsed attributes. It can be enabled within the identity provider settings page.
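When setting up a new identity provider, the Memberships format described above can also be checked offline against a captured assertion before the provider is enabled. The following is an added example, not Forestry's own code: it assumes the attribute is sent with the literal Name "Memberships" and one AttributeValue element per entry, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (not captured from a real IdP).
# Assumption: the attribute Name is literally "Memberships".
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Memberships">
      <saml:AttributeValue>org-1/team-a</saml:AttributeValue>
      <saml:AttributeValue>team-b</saml:AttributeValue>
      <saml:AttributeValue>org-1/</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="MemberOf">
      <saml:AttributeValue>CN=Editors</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_attributes(assertion_xml):
    """Return {attribute name: [values]}. Inspection only: no signature check."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_memberships(attrs):
    """Split Memberships values into valid (org, team) pairs and rejects."""
    valid, rejected = [], []
    for value in attrs.get("Memberships", []):
        org, sep, team = value.partition("/")
        # Expect exactly one "/" with a non-empty ID on each side.
        if sep and org and team and "/" not in team:
            valid.append((org, team))
        else:
            rejected.append(value)
    return valid, rejected


if __name__ == "__main__":
    parsed = parse_attributes(SAMPLE_ASSERTION)
    print("parsed:", parsed)
    print("valid / rejected:", check_memberships(parsed))
```

Rejected values point to an attribute mapping on the identity provider side that needs correcting before the provider is enabled.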
Organization admins can set up identity providers through the organization settings.
Fields within the Identity Provider Settings should be configured using your existing SAML settings values.
After the provider has been created within Forestry, fields in the Service Provider Info section will need to be added to your SAML provider settings.
enabled is toggled on when you are ready to use the SAML provider.
From the login screen, after clicking Sign in with SAML SSO, the user will be prompted to enter their subdomain.
If only one SAML provider is configured within Forestry, it will immediately authenticate through SSO.
If multiple identity providers are configured, the user will choose their desired SAML provider.