Organization settings
Your Organization settings are accessible from the top-right dropdown:

The overview tab gathers the basic settings of your Organization: here you'll be able to edit
- its name
- its logo
or delete it permanently.

In this tab you can manage your Organization Owners. Owners are simply users who have access to the Organization settings.

A user must belong to at least 1 project of the Organization to be invited as an Owner and will be automatically added as Admin on all projects of the Organization
The Security tab is only available for the Plus plan or above
This tab gathers all security options of your Organization. For now you can only configure Single Sign-On (SSO).
To start configuring SSO for your Organization, click on "Configure Single Sign-On":

You'll first need to declare Forest Admin in your Identity Provider using the information in the grey panel:

Forest Admin supports SAML v2 (not v1)
Then choose how you want to communicate information from your Identity Provider (IP):
Either upload a file containing the authentication information (you'll be able to generate this file in your Identify Provider) or input the endpoint at which such a file is available (some IPs provide this).

You may also enter your authentication information manually. You'll need to provide:
- a login endpoint
- a logout endpoint
- one certificate

Click on Test configuration to try to authenticate. If it works, you're all set but you will still need to enable that new SSO authentication method:

Once you have enabled SSO, you have the option to enable IDP-initiated login: this will allow your users to be automatically logged in when they come to Forest Admin from your identity provider dashboard.

To set it up properly, you will need to set a default Relay state on your identity provider following this format:
{"organizationName": "<organization_name>", "destinationUrl": "organization.projects"}
For instance, on Okta:

On OneLogin:

Follow the below verifications:
- Double check all information (endpoints, certificate expiration dates, etc..)
- Make sure the
nameID
configured on your Identity Provider is the email address used on Forest Admin accounts - Make sure you selected SAML v2 on your Identity Provider
Last modified 1yr ago