If your identity provider is not listed in our specific guides, you can use this generic SAML 2.0 setup guide. Most enterprise identity providers support SAML 2.0.
Service Provider Information
Configure ViksaAI as a Service Provider in your IdP using these values:
| Setting | Value |
|---|---|
| SP Entity ID | https://viksaai.com/saml/metadata |
| ACS URL | https://api.viksaai.com/auth/auth/sso/saml/callback |
| Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Binding | HTTP-POST |
| Metadata URL | https://api.viksaai.com/auth/auth/sso/saml/metadata |
Required from Your IdP
You will need the following information from your identity provider:
The unique identifier for your identity provider
The login URL where users are redirected (HTTP-Redirect binding)
The public certificate for signature verification (PEM format)
Required Attributes
Configure your IdP to send these attributes in the SAML assertion:
| Attribute | Required | Description |
|---|---|---|
| email | Yes | User's email address |
| first_name | Recommended | User's first name |
| last_name | Recommended | User's last name |
| groups | Optional | Group memberships for role mapping |
Configuration Steps
Create a SAML application in your IdP
Use the SP information above to configure ViksaAI as a service provider
Configure attribute mappings in your IdP
Map user attributes to the names listed above
Copy IdP metadata
Get the Entity ID, SSO URL, and certificate from your IdP
Configure ViksaAI
Go to Settings → SSO and enter your IdP information
Verify domain and enable
Complete domain verification, test the connection, and enable SSO
Troubleshooting
Signature verification failed
Ensure you've copied the complete X.509 certificate including the BEGIN and END lines.
User email not found
Make sure your IdP is sending the email attribute. Check that the attribute name matches our expected format.
Assertion expired
Check that the clocks on your IdP server and ViksaAI are synchronized. We allow up to 2 minutes of clock skew.
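To narrow down the "User email not found" and "Assertion expired" cases before enabling SSO, the following added example (not ViksaAI code) inspects a decoded assertion captured from a test login in your own IdP. The function names and the sample assertion are constructed for illustration; it assumes attribute names are matched exactly and that the 2-minute skew applies to both ends of the validity window, and it does not verify the signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SKEW = timedelta(minutes=2)  # skew allowance stated under Troubleshooting

# Constructed sample: attribute sent as "Email" (wrong case), last_name omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
<saml:AttributeStatement>
<saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="first_name"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""

def parse_ts(value):
    # SAML instants are UTC xs:dateTime values such as 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, now):
    """List configuration problems in a decoded assertion from a test login.
    Diagnostic only: no signature verification, not for untrusted input."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    if not any(attrs.get("email", [])):
        # Assumption: names are matched exactly, so show what the IdP sent
        problems.append(f"email attribute missing; IdP sent {sorted(attrs)}")
    for name in ("first_name", "last_name"):
        if name not in attrs:
            problems.append(f"recommended attribute {name} not sent")
    cond = root.find(".//saml:Conditions", NS)
    nb = cond.get("NotBefore") if cond is not None else None
    noa = cond.get("NotOnOrAfter") if cond is not None else None
    # Assumption: the 2-minute allowance applies to both ends of the window
    if nb and now + SKEW < parse_ts(nb):
        problems.append("assertion not yet valid (IdP clock ahead?)")
    if noa and now - SKEW >= parse_ts(noa):
        problems.append("assertion expired (clock drift or slow login?)")
    return problems

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 6, 30, tzinfo=timezone.utc)
    print("\n".join(check_assertion(SAMPLE, now)) or "no problems found")
```

With the sample, the check reports the mis-cased `Email` attribute and the missing `last_name`, and starts reporting expiry once the current time is two minutes or more past `NotOnOrAfter`.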