Connect any Identity Provider or Single Sign-On service which uses the SAML standard with Sailthru.

If you wish to use SSO, have the following information ready and contact Support or your CSM. We’ll schedule a meeting with your and your team to activate SSO in real-time.

Connecting an Identity Provider or Single Sign-On service is a straightforward process. Sailthru needs the following pieces of information:

• SAML connection name
  • This is the name of the SAML connection that will be used by Sailthru. It should be in the format “saml-<companyname>” eg. saml-sailthru
• Identity Provider Single Sign-On URL (aka “SSO URL”, “SAML Endpoint”)
  • The actual URL used to configure the SAML connection
• X.509 Certificate
  • PKI certificate used to associate key pairs.

Your Identity Provider (IdP) should have documentation which walks you through how to set up a new application and to generate this information. However, we have provided guides for our most connected IdP services.

Note: If you’re using Single Sign-On in Sailthru and have an account created, you will need to create a Sailthru password. This is the only time you will need a password. Creating a password completes the account creation process. 

Note: If you’re looking for information on Multifactor Authentication, check the Multifactor Authentication hub.

Known Limitations

• The email value sent from the IdP must match the email address associated with the user within the Sailthru platform
  • If the Sailthru account is jblogs@sailthru.com then the IdP must pass back this email exactly as this value is used to identify the user in our system. E.g. if the IdP returns j.blogs@sailthru.com then we will not be able to log the users in.
• IdP-initiated authentication is not currently supported
  • Users cannot login to Sailthru via the IdPs dashboard
• While Sailthru can support IdP-initiated logout, not all IdPs support this functionality.
  • Logging out of your IdP may not log you out of Sailthru