Commit 70bb540

Merge pull request #388 from kinde-oss/Feat/Sign-in-URL
Feat/sign in url
2 parents 064055d + 47bbf3f commit 70bb540

5 files changed

+41
-37
lines changed


src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx

Lines changed: 3 additions & 4 deletions
@@ -35,14 +35,13 @@ You can make a connection available only to a specific organization, or you can
3535

3636
1. Go to **Settings > Environment > Authentication**.
3737
2. Scroll to the **Enterprise connection** section and select **Add connection**. The **Add connection** window opens.
38-
3. Select the Cloudflare connection and then select **Save**.
39-
4. On the tile for the new connection, select **Configure**.
40-
5. Next: 'Step 2: Configure the connection'.
38+
3. Select the Cloudflare connection and then select **Next**.
39+
4. Next: 'Step 2: Configure the connection'.
4140

4241
## Step 2: Configure the connection
4342

4443
1. Enter a random string value for Entity ID, for e.g. `870sa9fbasfasdas23aghkhc12zasfnasd`.
45-
2. Complete any optional fields you want, including key attributes. You'll add the IdP Metadata URL later.
44+
2. Complete any optional fields you want, including key attributes. You'll add the IdP Metadata URL later. You only need to enter a **sign in URL** if your IdP requires a specific URL.
4645
3. Add **Home realm domains**. We recommend adding these to speed up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
4746
4. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
4847
5. Copy the **Assertion Customer Service (ACS) URL** and the Entity ID somewhere you can access it later. You’ll need this to set up your Cloudflare application.
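
Review bot: In new step 2 under "Step 2: Configure the connection", the sentence about the **sign in URL** is appended directly after "You'll add the IdP Metadata URL later", so it is unclear whether the sign in URL is entered now or together with the metadata URL, and the reader is not told where the value comes from. custom-saml.mdx, entra-id-saml.mdx and okta-saml-connection.mdx in this same commit give the field its own numbered step; doing the same here, and saying that the value is supplied by the IdP, would keep the guides consistent.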

src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx

Lines changed: 9 additions & 9 deletions
@@ -31,9 +31,8 @@ You can make a connection available only to a specific organization, or you can
3131

3232
1. Go to **Settings > Environment > Authentication**.
3333
2. Scroll to the **Enterprise connection** section and select **Add connection**. The **Add connection** window opens.
34-
3. Select the connection type you want and then select **Save**.
35-
4. On the tile for the new connection, select **Configure**.
36-
5. Next: 'Step 2: Configure the connection'.
34+
3. Select the connection type you want and then select **Next**.
35+
4. Next: 'Step 2: Configure the connection'.
3736

3837
## Step 2: Configure the connection
3938
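
Review bot: New item 4 (`Next: 'Step 2: Configure the connection'`) is a pointer to the heading two lines below, not an action, yet it stays numbered as a step. Now that the **Configure** step is gone, consider dropping it or making it a plain sentence after the list. The same three-line edit is repeated in cloudflare-saml.mdx and custom-saml.mdx, so whichever wording is chosen should be applied to all three.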

@@ -43,15 +42,16 @@ You can make a connection available only to a specific organization, or you can
4342

4443
![connection window](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/4fa556a1-7f8e-4926-d7ef-a274409e7700/public)
4544

46-
7. Enter Home realm domains. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
47-
8. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
48-
9. Scroll down and copy the **ACS URL**. Paste the URL somewhere you can access it later.
45+
4. Complete any optional fields you want, including key attributes. You only need to enter a **sign in URL** if your IdP requires a specific URL.
46+
5. Enter Home realm domains. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
47+
6. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
48+
7. Scroll down and copy the **ACS URL**. Paste the URL somewhere you can access it later.
4949

5050
![ACS URL field in config](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/c2201994-75d8-44a9-1ced-d3890e359300/public)
5151

52-
10. Select provisioning options.
53-
11. Add a signed certificate and key if you have it. You can also do this later.
54-
12. Select **Save**. We need to get some information from Google Workspace Console to complete these fields.
52+
8. Select provisioning options.
53+
9. Add a signed certificate and key if you have it. You can also do this later.
54+
10. Select **Save**. We need to get some information from Google Workspace Console to complete these fields.
5555

5656
## Step 3: Configure Google Workspace Admin Console
5757
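
Review bot: The list after the connection window image now starts at `4.` where it previously continued at `7.`, but the lines above this hunk that hold the earlier steps are not touched by this diff. Please check the rendered page for duplicate or out-of-sequence step numbers; if the steps before the image still run past 3, the new items should continue from that number. The new step also folds the **sign in URL** into the optional-fields sentence, while custom-saml.mdx gives it a step of its own.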

src/content/docs/authenticate/enterprise-connections/custom-saml.mdx

Lines changed: 14 additions & 13 deletions
@@ -49,9 +49,8 @@ You can obtain the certificate and key from your IdP or you can generate yoursel
4949

5050
1. Go to **Settings > Environment > Authentication**.
5151
2. Scroll to the **Enterprise connection** section and select **Add connection**. The **Add connection** window opens.
52-
3. Select the connection type you want and then select **Save**.
53-
4. On the tile for the new connection, select **Configure**.
54-
5. Next: 'Step 2: Configure the connection'.
52+
3. Select the connection type you want and then select **Next**.
53+
4. Next: 'Step 2: Configure the connection'.
5554

5655
## Step 2: Configure the connection
5756

@@ -61,26 +60,28 @@ You can obtain the certificate and key from your IdP or you can generate yoursel
6160

6261
![SAML configuration screen](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/740dba80-b1a3-410e-f03b-c07e9261f000/public)
6362

64-
4. If Microsoft is your provider and your app is a bit older, you may need to add spn: to the beginning of the Entity ID string in Kinde, e.g. `spn:5836g209gbhw09r8y0913`. This is not required for newly created apps.
63+
4. If Microsoft is your provider and your app is a bit older, you may need to add `spn:` to the beginning of the **Entity ID** string in Kinde, e.g. `spn:5836g209gbhw09r8y0913`. This is not required for newly created apps.
6564
5. Enter the **IdP metadata URL**. This URL comes from your identity provider.
66-
6. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
67-
7. Enter any relevant **Home realm domains**. This is how SAML recognizes a user’s credentials and routes them to the correct sign in page. Note that home realm domains need to be unique across all connections in an environment. [Read more about home realm domains](/authenticate/enterprise-connections/home-realm-discovery/).
65+
6. Enter a **sign in URL** if your IdP requires a specific URL.
66+
7. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
67+
8. (Optional) add a first name and last name attribute.
68+
9. Enter any relevant **Home realm domains**. This is how SAML recognizes a user’s credentials and routes them to the correct sign in page. Note that home realm domains need to be unique across all connections in an environment. [Read more about home realm domains](/authenticate/enterprise-connections/home-realm-discovery/).
6869

6970
![Second part of SAML config screen](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/db4586e4-5097-4d71-b984-c8716195bc00/public)
7071

71-
8. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
72+
10. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
7273

73-
9. Copy the **ACS URL**, which is also known as a reply URL. This will need to be copied to the relevant area of your identity provider configuration.
74-
10. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
75-
11. (Optional) In the **Sign SAML request** section, paste in the **Signed certificate** and **Private key**. You may have got these from your IdP or you may have generated yourself (see procedure above).
76-
12. Switch on the connection. This will make it instantly available to users if this is your production environment.
74+
11. Copy the **ACS URL**, which is also known as a reply URL. This will need to be copied to the relevant area of your identity provider configuration.
75+
12. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
76+
13. (Optional) In the **Sign SAML request** section, paste in the **Signed certificate** and **Private key**. You may have got these from your IdP or you may have generated yourself (see procedure above).
77+
14. Switch on the connection. This will make it instantly available to users if this is your production environment.
7778
1. For environment-level connections, scroll down and select the apps that will use the auth method.
7879
2. For organization-level connections, scroll down and select if you want to switch this on for the org.
79-
13. Select **Save**.
80+
15. Select **Save**.
8081

8182
Next: Complete any additional configuration in your identity provider’s settings, such as adding the **Entity ID** and **ACS URL**.
8283

83-
## Test the connection
84+
## Step 3: Test the connection
8485

8586
Once you have entered the ACS URL in your identity provider, the connection should be enabled.
8687
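
Review bot: New step 6 (`Enter a **sign in URL** if your IdP requires a specific URL.`) does not say where the value comes from or what happens when it is left blank, unlike step 5, which states that the metadata URL "comes from your identity provider", and step 7, which documents the default. Since this is the address users are sent to for authentication, add a sentence saying it must be the URL supplied by the IdP. Two smaller points: step 8 reads "(Optional) add" while entra-id-saml.mdx uses "(Optional) Add", and renaming the heading to `## Step 3: Test the connection` changes its generated anchor, so any links to the old heading need updating.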

src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx

Lines changed: 9 additions & 6 deletions
@@ -60,16 +60,19 @@ You can make a connection available only to a specific organization, or you can
6060

6161
2. For the **Entity ID**, enter a random string like `hEb876ZZlkg99Dwat64Mnbvyh129`. Make a copy of the string as you will add this to your SAML application later. Note that some older Entra ID tenants require the Entity ID to have a prefix of `spn:` If your connection fails, this could be why.
6262
3. Scroll past the IdP metadata URL and other key attribute fields. We will add this information later.
63-
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
63+
4. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
64+
5. (Optional) Add a first name and last name attribute.
65+
6. Enter a **sign in URL** if your IdP requires a specific URL.
66+
7. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
6467
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
6568

6669
![SAML configuration screen](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/79c7b045-d391-47a0-ee77-a2c3cbb78c00/public)
6770

68-
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
69-
6. Copy the ACS URL, you will need this for the SAML provider app.
70-
7. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
71-
8. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
72-
9. Select **Save**.
71+
8. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
72+
9. Copy the ACS URL, you will need this for the SAML provider app.
73+
10. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
74+
11. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
75+
12. Select **Save**.
7376

7477
## Step 3: Create and configure an Entra ID enterprise application
7578
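
Review bot: Unchanged step 3 tells the reader to "Scroll past the IdP metadata URL and other key attribute fields. We will add this information later", and the new steps 4 and 5 immediately ask them to fill in the email, first name and last name key attributes. One of the two has to change: either narrow step 3 to the IdP metadata URL only, or move the new attribute steps to the point where the guide returns to those fields.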

src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx

Lines changed: 6 additions & 5 deletions
@@ -41,14 +41,15 @@ You need to set up an enterprise connection in Kinde for this, and add an Okta a
4141
![Okta connection config window](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/6b54c794-6f5a-4e9b-61fa-7c8a81f3a000/public)
4242

4343
3. Complete any optional fields you want, including the key attributes. You'll add the IdP Metadata URL later.
44-
4. Enter Home realm domains. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
44+
4. Enter a **sign in URL** if your IdP requires a specific URL.
45+
5. Enter Home realm domains. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
4546

4647
![Okata config window with HRD](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/20fc0aa1-0516-45b9-ff38-3a5e0c281700/public)
4748

48-
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
49-
6. Copy the **Assertion Customer Service (ACS) URL** and the Entity ID somewhere you can access it later. You’ll need this to set up your Okta application.
50-
7. Select provisioning options.
51-
8. Select **Save**.
49+
6. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
50+
7. Copy the **Assertion Customer Service (ACS) URL** and the Entity ID somewhere you can access it later. You’ll need this to set up your Okta application.
51+
8. Select provisioning options.
52+
9. Select **Save**.
5253

5354
## Step 3: Add and configure your Okta application
5455
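
Review bot: Renumbered step 7 carries over "Assertion Customer Service (ACS) URL"; the SAML term is Assertion Consumer Service, and since the line is being rewritten in this hunk it is a good moment to correct it (the same wording appears in cloudflare-saml.mdx). The image alt text "Okata config window with HRD" in the context line has a similar typo. New step 4 also leaves the reader without a source for the **sign in URL**, while step 3 just above already covers "optional fields"; a short note that the value comes from the Okta application would help.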

0 commit comments
