Setting up SAML Single Sign-On (SSO) with ThoughtRiver
We support SAML 2.0 Single Sign-On (SSO) integration, allowing your users to securely log in to ThoughtRiver using your existing identity provider (IdP). In this setup, ThoughtRiver acts as the Service Provider (SP), and your organization’s identity platform (e.g., Azure AD, Okta, Ping Identity) acts as the Identity Provider (IdP).
Note: All users logging in via SAML must already exist in the ThoughtRiver platform.
To set up the integration, we need the following:
- X.509 Public Certificate in PEM format
- SAML Login URL (the redirect for authentication requests)
- SAML Logout URL (optional)
- Request Signing Details:
  - Whether your IdP requires SAML request signing
  - Signature algorithm (e.g., RSA-SHA256)
  - Digest method
- Binding method (Redirect or POST)
- Email Domain(s) of users who will use SAML
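Before sending these details, an IdP administrator can sanity-check them. The following is an added example, not ThoughtRiver's code: the field names are hypothetical, and the https-only and no-SHA-1 rules are assumptions about good hygiene rather than requirements stated on this page. It also flags a PEM bundle that contains a private key, which must never be shared.

```python
import base64
import re
from urllib.parse import urlparse

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
DOMAIN = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
def check_idp_bundle(bundle):
    """Return a list of problems in the IdP details; an empty list means none found."""
    problems = []
    blocks = PEM_BLOCK.findall(bundle.get("certificate_pem", ""))
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("certificate: private key present; send the public certificate only")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append("certificate: no CERTIFICATE block found")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):  # DER X.509 begins with a SEQUENCE tag
            problems.append("certificate: block is not base64-encoded DER")
    for field in ("login_url", "logout_url"):
        url = bundle.get(field, "")
        if not url and field == "logout_url":  # the logout URL is optional
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:  # assumption: https only
            problems.append(f"{field}: expected an absolute https URL")
    if bundle.get("binding") not in ("Redirect", "POST"):
        problems.append("binding: expected Redirect or POST")
    if bundle.get("requires_signed_requests"):
        for field in ("signature_algorithm", "digest_method"):
            value = bundle.get(field, "")
            if not value or "sha1" in value.lower().replace("-", ""):
                problems.append(f"{field}: missing or SHA-1 based")
    domains = bundle.get("email_domains") or []
    if not domains or not all(DOMAIN.match(d.lower()) for d in domains):
        problems.append("email_domains: missing or malformed")
    return problems

# Constructed sample: placeholder bytes in a PEM envelope, not a real certificate.
_BODY = base64.b64encode(b"\x30\x82\x00\x3c" + bytes(60)).decode()
SAMPLE = {
    "certificate_pem": f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n",
    "login_url": "https://idp.example.com/saml/login", "binding": "POST",
    "requires_signed_requests": True, "email_domains": ["example.com"],
    "signature_algorithm": "RSA-SHA256", "digest_method": "SHA256",
}
```

The envelope check does not validate the certificate itself; expiry and key size still need to be confirmed in the IdP console or with an X.509 tool.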
What We'll Provide
Once we receive the required information, we’ll configure the integration and provide you with the following:
- Assertion Consumer Service (ACS) URL (Callback URL)
- Entity ID (SP Issuer)
Next Steps
- Share the required information listed above with your ThoughtRiver representative.
- We’ll set up the connection and test SSO with a user from your domain.
- Once confirmed, your users will be able to log in via your identity provider.
If you have any questions or experience issues during setup, please contact our support team or your ThoughtRiver Customer Success Manager.