Setting up Mutiny on your SAML idP

Mutiny allows you to use SAML in order to authenticate users.

Updated over a week ago

⚠️ The following feature is available for enterprise customers only.

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging user authentication data between an identity provider and a service provider. Below, we’ll go through the steps necessary to set up Mutiny on your SAML identity provider (idP).

Requesting information from Mutiny

The first step is to set up Mutiny in your SAML idP. To do that, you’ll first need the following information from Mutiny, which you can request by emailing support@mutinyhq.com:

  • SP Metadata URL

  • Single Sign-on URL (ACS)

  • Direct Login URL

When setting up a new service provider, the information you need depends on your specific idP. Below are general instructions for two common flows.

Setup with your SP Metadata URL

If your idP supports configuring a service provider with metadata, you can use your unique SP Metadata URL in order to import your settings. If your idP needs the Metadata XML, visit the SP Metadata URL in your browser and copy the XML content.

Please note that some idPs may not automatically include all the required user attributes needed by Mutiny to create an account, so please confirm that the SAML attributes match up with the attribute statements described in the manual setup below.

Setup manually

When adding the service provider configuration manually you will need the following information:

  • Single Sign-on URL (ACS): provided by Mutiny (above).

  • Audience URI (SP Entity ID): https://app.mutinyhq.com/sp

  • Name ID format: Email Address (this isn’t always the default on the idP; Mutiny requires an email as the unique identifier)

  • Username: Email. If applicable, ensure that the id/username sent for the user is actually the email address.

Attribute Statements

Mutiny requires basic user information before creating an account. Please configure your idP to include the following custom SAML attributes:

| Name | Name format | Value | Required? |
|---|---|---|---|
| | urn:oasis:names:tc:SAML:2.0:attrname-format:uri | Email address | ✔️ |
| | urn:oasis:names:tc:SAML:2.0:attrname-format:uri | Full name | * |
| | urn:oasis:names:tc:SAML:2.0:attrname-format:uri | Given name | ✔️ |
| | urn:oasis:names:tc:SAML:2.0:attrname-format:uri | Family name | ✔️ |

*If a given name and family name are not provided, a full name can be used instead, as long as it contains both the given and family name.
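One way to confirm that your idP sends what the manual setup above asks for is to decode a test assertion and check it against those settings. The script below is an added example, not Mutiny's code; it checks configuration only and does not verify the assertion signature. The sample assertion is constructed, its attribute names are placeholders, and the allowed-domain set stands in for your company's email domains.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "https://app.mutinyhq.com/sp"  # Audience URI from this page
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"  # from this page

# Constructed sample with two deliberate misconfigurations: a non-email NameID
# and one attribute using the wrong NameFormat. Attribute names are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://app.mutinyhq.com/sp</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="PLACEHOLDER_EMAIL"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <saml:Attribute Name="PLACEHOLDER_GIVEN_NAME"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, allowed_domains):
    """Return a list of configuration problems found in a decoded assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("audience")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("nameid-missing")
    else:
        if name_id.get("Format") != EMAIL_NAMEID:
            problems.append("nameid-format")
        local, _, domain = (name_id.text or "").strip().rpartition("@")
        if not local or not domain:
            problems.append("nameid-not-email")
        elif domain.lower() not in allowed_domains:
            problems.append("nameid-domain")
    # Every attribute statement should use the URI name format.
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("NameFormat") != URI_NAME_FORMAT:
            problems.append("nameformat:" + attr.get("Name", "?"))
    return problems
```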

Sending information to Mutiny

To complete the SAML setup, please provide the following information to Mutiny by sending it to support@mutinyhq.com.

  • The idP metadata URL, which will usually be provided during or after your setup.

  • What email domains do you use at your company (e.g. mutinyhq.com at Mutiny)?

  • Would you like to force all users with your company email domains to use SAML? If this is the case, nobody will be allowed to log in using the email/password form or other OAuth providers (e.g. Google).

  • Would you like to restrict access to your company’s Mutiny account to only the email domains you’ve provided? If this is the case, anyone logging in with SAML will only be allowed access if their email matches one of the domains.

  • Would you like to automatically provision new users? If this is the case, you will no longer need to manually invite users individually. Instead, they will automatically get access when they attempt to log in using SAML.


Don't be a stranger

If you have any questions, we’re here to help! Please feel free to contact us at any time, either through Intercom chat or via support@mutinyhq.com.
