Setup SSO with Group Mapping

Setting up SSO

The Sideko team will provide a link to a wizard for creating an SSO connection. The following guide is similar to the content that exists in the wizard.

Step 1: Create Enterprise Application

Select "Enterprise applications" from your Entra ID dashboard.

Click "New application" and continue.

Select "Create your own application", then enter an App name that describes demo.workos.com. Under "What are you looking to do with your application?", select "Integrate any other application you don't find in the gallery (Non-gallery)", then select "Create".

Next, select "Single Sign-On" from the "Manage" section in the left sidebar navigation menu, and then "SAML".

✅ I've created a SAML Enterprise Application

Step 2: Basic SAML Configuration

Click the Edit icon in the top right of the first step.

Copy the Identifier from the wizard.

Copy the Reply URL from the wizard.

Submit the Identifier and the Reply URL in the Basic SAML Configuration.

✅ I've completed my Basic SAML Configuration.

Step 3: User Attributes & Claims

Click the Edit icon in the top right of the second step.

Fill in the following Attribute Statements by entering the claim name in the "Name" field and the value in the "Source attribute" field. Select "Next":

Claim name → Source attribute

emailaddress → user.mail

givenname → user.givenname

name → user.userprincipalname

surname → user.surname

Make sure the "Namespace" value ends in /claims.

✅ I've configured the User Attributes & Claims.

Step 4: Assign People & Groups

In order for your users and groups of users to be synced to demo.workos.com, you will need to assign them to your Entra ID SAML Application. Select "Users and groups" from the "Manage" section of the navigation menu.

Select "Add user/group" from the top menu.

Select "None selected" under "Users and groups". In the menu, select the users and groups of users that you want to add to the SAML application, and click "Select".

Create the following groups with exact spelling and capitalization:

  • Sideko Admin
  • Sideko Manager
  • Sideko Member

Select "Assign" to add the selected users and groups of users to your SAML application.

✅  I've completed my assignments.

Step 5: Upload IdP Metadata

Navigate down to Section 3 of the "Single Sign-On" page, to "SAML Signing Certificate". Copy the URL provided in "App Federation Metadata URL".

Paste the Metadata URL you copied into the wizard.

✅  I've copied the Metadata URL

Step 6: Create a test connection (required)

Click the button to create a test connection. This is a required step to finalize the SSO link.

✅  I've tested the connection

Group Mapping

Create the following groups in your identity provider service:

  • Sideko Admin
    • Admins can perform user provisioning / read audit logs
  • Sideko Manager
    • Managers can create projects, invite users, and assign roles to users within projects
  • Sideko Member
    • Members can only act according to the role they are assigned in any project
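
To check the outcome of Step 3 and the group names from Step 4 after the test connection, the following added example (not Sideko's or WorkOS's code) inspects a decoded SAML assertion for the four claims and a list of group display names for exact spelling and capitalization. It assumes each Attribute Name carries Entra's default claim namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims; the function names and the sample assertion are constructed for illustration, and the assertion's signature is not validated here.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = {"emailaddress", "givenname", "name", "surname"}     # Step 3
REQUIRED_GROUPS = ["Sideko Admin", "Sideko Manager", "Sideko Member"]  # Step 4

def check_claims(assertion_xml: str) -> list[str]:
    """Return problems found in the AttributeStatement; an empty list means OK."""
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return ["DTD/entity declaration present; refusing to parse"]
    root = ET.fromstring(assertion_xml)
    problems, seen = [], set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        # Assumption: Name is "<namespace>/<claim name>", as Entra emits by default.
        namespace, _, claim = attr.get("Name", "").rpartition("/")
        if claim not in REQUIRED_CLAIMS:
            continue
        seen.add(claim)
        if not namespace.endswith("/claims"):
            problems.append(f"{claim}: namespace {namespace!r} does not end in /claims")
        values = [v.text for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        if not any(v and v.strip() for v in values):
            problems.append(f"{claim}: empty value")
    return problems + [f"{c}: missing" for c in sorted(REQUIRED_CLAIMS - seen)]

def check_groups(group_names: list[str]) -> list[str]:
    """Flag required groups that are absent or differ only in case or whitespace."""
    problems = []
    for wanted in REQUIRED_GROUPS:
        if wanted not in group_names:
            near = [g for g in group_names if g.strip().casefold() == wanted.casefold()]
            problems.append(f"{wanted}: " + (f"near-miss {near[0]!r}" if near else "missing"))
    return problems

# Constructed sample: wrong namespace on emailaddress, and no "name" claim at all.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
   <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
   <saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.example.com/identity/emailaddress">
   <saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_claims(SAMPLE), check_groups(["Sideko Admin", "sideko manager"]))
```
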