User Guide
Other documentationsDemoCommunity
  • Forest Admin
  • Getting Started
    • Setup guide
    • Master your UI
      • The Table View
      • Using the Layout Editor mode
        • Customize the Table View
        • Customize the Details View
        • Customize your creation and edition forms
      • Build a Summary View
      • Build an Explorer View
      • Using Smart Views
    • Tutorials
  • Collections
    • Manage your collection settings
    • Customize your fields
      • Edit widgets
      • Display widgets
      • Options
      • Default actions on relationships
    • Actions
      • Edit a record
      • Create a record
      • Using Smart Actions
    • Segments
    • Scopes
    • Performance
  • Workspaces
    • Introduction to Workspaces
    • Using Workspaces
      • Sharing your own Workspace URL with pre-selected data
      • Editing records with field components
    • Building a workspace
      • Workspace Incident Management example
      • Workspace KYC example
      • Transactions Monitoring & Fraud Management example
      • Fleet Management example
  • dashboards
    • Charts
      • Create a chart
      • Display record-specific charts in Analytics
  • Other tabs
    • Collaboration
      • Communicate with Notes
      • Approval requests
      • Inboxes
    • Activity
  • Integrations
    • Metabase
  • Project settings
    • General tab
    • Environments tab
    • Teams, Users & Permissions
      • Create and manage a team
      • Add and manage users
      • Manage roles and permission levels
      • Export users history
    • Security tab
      • SCIM integration with OneLogin
      • SCIM integration with Okta
      • Manual SCIM integration with Okta
    • Other project settings
      • Interface tab
      • Billing tab
    • Organizations
      • Organization settings
        • Configure SSO with AWS IAM
        • Configure SSO with Azure AD
        • Configure SSO with Google
        • Configure SSO with Okta
        • Configure SSO with OneLogin
Powered by GitBook
On this page
  • Overview tab
  • Owners tab
  • Security tab
  • Configuring SSO

Was this helpful?

  1. Project settings
  2. Organizations

Organization settings

PreviousOrganizationsNextConfigure SSO with AWS IAM

Last updated 24 days ago

Was this helpful?

Your Organization settings are accessible from the top-right dropdown:

Overview tab

The overview tab gathers the basic settings of your Organization: here you'll be able to edit

  • its name

  • its logo

or delete it permanently.

Owners tab

In this tab you can manage your Organization Owners. Owners are simply users who have access to the Organization settings.

A user must belong to at least 1 project of the Organization to be invited as an Owner and will be automatically added as Admin on all projects of the Organization

Security tab

This tab gathers all security options of your Organization. For now you can only configure Single Sign-On (SSO).

Configuring SSO

We are supporting the SAML 2.0 specifications, you can use all the main Identity Providers.

Requirements

To configure SSO for your organization, you must:

  • Have access to your Identity Provider.

Configure your Identity Provider

You'll first need to declare Forest Admin in your Identity Provider using the information in the grey panel:

Setting
Description
Value

Callback URL (Assertion Consumer Service URL)*

Assertion Consumer Service URL is responsible for receiving the SAML response

https://api.forestadmin.com/api/saml/callback

Sign on URL*

Sign on URL

https://api.forestadmin.com/api/saml/callback

Logout URL

Redirected to this location after logout

https://app.forestadmin.com/login (⚠️ Or your custom domain if you use one)

Audience (EntityID)

Named SP Entity ID in Forest Admin

Value is displayed in the Forest Admin settings

Configure Forest Admin with the Identity Provider Metadata

XML file upload or XML file endpoint (Recommended)

We highly recommend to use this option, most especially the one where you provide the metadata file using an url. This allows automatic certificate update without service interruption.

Either upload a file containing the authentication information (you'll be able to generate this file in your Identify Provider) or input the endpoint at which such a file is available (some IPs provide this).

Manual input

You may also enter your authentication information manually. You'll need to provide:

  • a Login endpoint

  • a Logout endpoint

  • and finally a Valid certificate

Click on Test configuration to try to authenticate.

Enables it for all the users

If it works, you're all set but you will still need to enable that new SSO authentication method:

Identity Provider-initiated login (Optional)

Once you have enabled SSO, you have the option to enable IdP-initiated login: this will allow your users to be automatically logged in when they come to Forest Admin from your identity provider dashboard.

To set it up properly, you will need to set a default Relay state on your identity provider following this format (or URL encoded depending on the IdP):

{
  "organizationName": "OrganizationName",
  "destinationUrl": "organization.projects"
}

Troubleshooting

Check the steps below this if you encounter an issue:

  • Double check all information (endpoints, certificate expiration dates, etc..)

  • Make sure the NameID configured on your Identity Provider is the email address used on Forest Admin accounts too

  • Make sure you selected SAML 2.0 on your Identity Provider

You need to be on a to have access to this feature.You need a least one project within this organization with this plan to gain access to this feature

For instance, the following platforms have been tested and documented: , , , and IdPs.

Be an .

After enabling SSO, all users will be required to again.

If you can't find anything by yourself don't hesitate to

Forest Admin Pro plan
Okta
OneLogin
Google
Azure Active Directory
AWS IAM
ask for help on our Community forum
organization owner
log in