Update custom-saml.mdx

clairekinde11 · web-flow · commit ab8080d1e3d8 · 2025-04-04T15:35:39.000+11:00
Update for sign in url
diff --git a/src/content/docs/authenticate/enterprise-connections/custom-saml.mdx b/src/content/docs/authenticate/enterprise-connections/custom-saml.mdx
@@ -49,9 +49,8 @@ You can obtain the certificate and key from your IdP or you can generate yoursel
 
 1. Go to **Settings > Environment > Authentication**.
 2. Scroll to the **Enterprise connection** section and select **Add connection**. The **Add connection** window opens.
-3. Select the connection type you want and then select **Save**.
-4. On the tile for the new connection, select **Configure**.
-5. Next: 'Step 2: Configure the connection'.
+3. Select the connection type you want and then select **Next**.
+4. Next: 'Step 2: Configure the connection'.
 
 ## Step 2: Configure the connection
 
@@ -61,26 +60,28 @@ You can obtain the certificate and key from your IdP or you can generate yoursel
 
    ![SAML configuration screen](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/740dba80-b1a3-410e-f03b-c07e9261f000/public)
 
-4. If Microsoft is your provider and your app is a bit older, you may need to add spn: to the beginning of the Entity ID string in Kinde, e.g. `spn:5836g209gbhw09r8y0913`. This is not required for newly created apps.
+4. If Microsoft is your provider and your app is a bit older, you may need to add `spn:` to the beginning of the **Entity ID** string in Kinde, e.g. `spn:5836g209gbhw09r8y0913`. This is not required for newly created apps.
 5. Enter the **IdP metadata URL**. This URL comes from your identity provider.
-6. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
-7. Enter any relevant **Home realm domains**. This is how SAML recognizes a user’s credentials and routes them to the correct sign in page. Note that home realm domains need to be unique across all connections in an environment. [Read more about home realm domains](/authenticate/enterprise-connections/home-realm-discovery/).
+6. Enter a **sign in URL** if your IdP requires a specific URL.
+7. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
+8. (Optional) add a first name and last name attribute.
+9. Enter any relevant **Home realm domains**. This is how SAML recognizes a user’s credentials and routes them to the correct sign in page. Note that home realm domains need to be unique across all connections in an environment. [Read more about home realm domains](/authenticate/enterprise-connections/home-realm-discovery/).
 
    ![Second part of SAML config screen](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/db4586e4-5097-4d71-b984-c8716195bc00/public)
 
-8. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. 
+10. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. 
 
-9. Copy the **ACS URL**, which is also known as a reply URL. This will need to be copied to the relevant area of your identity provider configuration.
-10. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
-11. (Optional) In the **Sign SAML request** section, paste in the **Signed certificate** and **Private key**. You may have got these from your IdP or you may have generated yourself (see procedure above).
-12. Switch on the connection. This will make it instantly available to users if this is your production environment.
+11. Copy the **ACS URL**, which is also known as a reply URL. This will need to be copied to the relevant area of your identity provider configuration.
+12. If you want to enable just-in-time (JIT) provisioning for users, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
+13. (Optional) In the **Sign SAML request** section, paste in the **Signed certificate** and **Private key**. You may have got these from your IdP or you may have generated yourself (see procedure above).
+14. Switch on the connection. This will make it instantly available to users if this is your production environment.
     1. For environment-level connections, scroll down and select the apps that will use the auth method.
     2. For organization-level connections, scroll down and select if you want to switch this on for the org. 
-13. Select **Save**.
+15. Select **Save**.
 
 Next: Complete any additional configuration in your identity provider’s settings, such as adding the **Entity ID** and **ACS URL**.
 
-## Test the connection
+## Step 3: Test the connection
 
 Once you have entered the ACS URL in your identity provider, the connection should be enabled.
 
