Skip to main content

Guide: Access the SlashID Console with SSO

To allow your team members to sign in to the SlashID Console using Single Sign-On (SSO), you must register credentials that identify and authenticate users via SAML or OIDC during login flows.

This guide walks you through the required configuration steps.

Before you begin

caution

This feature is not enabled by default. Contact the SlashID team to enable it for your organization.

Registering credentials

Configuration is managed on the Console Home Realm Discovery page, where you can register either OIDC or SAML credentials.

OIDC credentials

Registering OIDC credentials for Console SSO follows the same process used for configuring applications with supported identity providers. For detailed steps, refer to the SSO setup guide.

SAML credentials

To configure SAML credentials, you’ll need:

  • the metadata URL for your SAML Identity Provider (IdP)
  • the name of the claim in the SAML response that contains the user’s email address (the first match will be used)

Configuration steps may vary depending on your IdP. Below is an example using OneLogin.

Example: OneLogin SAML Integration

  1. From the OneLogin dashboard, create a new SAML Custom Connector (Advanced) application.

OneLogin - SAML Custom Connector

  1. Navigate to the SSO tab of the newly created application and copy the Issuer URL (IdP metadata URL).

OneLogin - SAML Custom Connector Metadata

  1. In SlashID Console > Settings > Home realm discovery, create a new SAML credential pasting the copied Issuer URL in the IdP metadata URL field.

After the new SAML credential is created, copy and store the SAML Client Credentials ID. This will be used to configure the SAML application in OneLogin in the following steps.

OneLogin - SAML Credentials

  1. In the OneLogin dashboard, return to the SAML connector application you created in step 1. Go to the Configuration tab of the app and fill in the following fields replacing {CREDENTIALS_ID} with the SAML Client Credentials ID value you copied in step 3:

    • Audience (EntityID): https://api.slashid.com/saml/{CREDENTIALS_ID}/metadata
    • Recipient: https://api.slashid.com/saml/{CREDENTIALS_ID}/acs
    • ACS (Consumer) URL Validator: ^https://api.slashid.com/saml/{CREDENTIALS_ID}/acs$
    • ACS (Consumer) URL: ^https://api.slashid.com/saml/{CREDENTIALS_ID}/acs$
    • Login URL: https://console.slashid.dev/login

OneLogin - SAML Config

Once you save the changes, your team members will be able to access the SlashID Console using SSO via OneLogin. If you encounter any issues during setup, contact the SlashID support team.