Organization settings

Your Organization settings are accessible from the top-right dropdown.

Overview tab

The overview tab gathers the basic settings of your Organization: here you'll be able to edit
  • its name
  • its logo
or delete it permanently.

Owners tab

In this tab you can manage your Organization Owners. Owners are simply users who have access to the Organization settings.
A user must belong to at least 1 project of the Organization to be invited as an Owner, and will automatically be added as Admin on all projects of the Organization.

Security tab

The Security tab is only available for the Plus plan or above.
This tab gathers all security options of your Organization. For now you can only configure Single Sign-On (SSO).

Configuring SSO

To start configuring SSO for your Organization, click on "Configure Single Sign-On".
You'll first need to declare Forest Admin in your Identity Provider using the information in the grey panel.
Forest Admin supports SAML v2 (not v1).
Then choose how you want to communicate information from your Identity Provider (IP):

Method 1: XML file upload or XML file endpoint

Either upload a file containing the authentication information (you'll be able to generate this file in your Identity Provider) or input the endpoint at which such a file is available (some IPs provide this).

Method 2: Manual input

You may also enter your authentication information manually. You'll need to provide:
  • a login endpoint
  • a logout endpoint
  • one certificate
Click on Test configuration to try to authenticate. If it works, you're all set, but you will still need to enable that new SSO authentication method.
After enabling SSO, all users will be required to log in again.

IDP-initiated login

Once you have enabled SSO, you have the option to enable IDP-initiated login: this will allow your users to be automatically logged in when they come to Forest Admin from your identity provider dashboard.
To set it up properly, you will need to set a default Relay state on your identity provider following this format:
{"organizationName": "<organization_name>", "destinationUrl": "organization.projects"}
For instance, this default Relay state can be set on Okta and on OneLogin.

Troubleshooting

Run through the following checks:
  • Double-check all information (endpoints, certificate expiration dates, etc.)
  • Make sure the nameID configured on your Identity Provider is the email address used on Forest Admin accounts
  • Make sure you selected SAML v2 on your Identity Provider
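
As an added example (not Forest Admin's code), the Python below reads an Identity Provider's SAML metadata file, extracts the three values that manual input asks for (login endpoint, logout endpoint, certificate) and applies the troubleshooting checks that can be read from metadata. The sample metadata, `idp.example.com`, the function name and the HTTPS check are assumptions made for illustration; certificate expiration dates are not checked here.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: idp.example.com and the certificate body are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERBASE64
        CERTIFICATEBODY</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.com/slo"/>
    <md:NameIDFormat>{EMAIL}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def extract_idp_settings(xml_text):
    """Return the manual-input values plus a list of troubleshooting findings."""
    if "<!DOCTYPE" in xml_text.upper():  # metadata needs no DTD; refuse entity declarations
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    idp = ET.fromstring(xml_text).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor found")
    def location(tag):  # Location of the first endpoint of that service, or None
        el = idp.find(f"md:{tag}", NS)
        return el.get("Location") if el is not None else None
    out = {"login_endpoint": location("SingleSignOnService"),
           "logout_endpoint": location("SingleLogoutService")}
    out["certificates"] = [
        "".join(c.text.split())  # remove line wrapping inside the base64 body
        for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") != "encryption"
        for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    findings = []
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        findings.append("IdP does not advertise SAML v2")
    if EMAIL not in formats:
        findings.append("emailAddress nameID format not advertised")
    for key in ("login_endpoint", "logout_endpoint"):
        if not (out[key] or "").startswith("https://"):
            findings.append(f"{key} missing or not HTTPS")
    if not out["certificates"]:
        findings.append("no signing certificate")
    return {**out, "findings": findings}
```

An IdP that advertises only an unspecified nameID format may still send the email address, so treat that finding as a prompt to confirm the nameID mapping rather than as proof of a misconfiguration.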