Skip to main content
Welcome to the Signals SAML (Security Assertion Markup Language) integration guide. This section provides comprehensive documentation for setting up and managing SAML-based single sign-on (SSO) with the Signals platform.

What is SAML?

SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between parties. In the context of Signals, SAML enables:
  • Single Sign-On (SSO): Users can access Signals using their existing organizational credentials
  • Centralized Identity Management: Manage user access through your existing identity provider
  • Enhanced Security: Leverage your organization’s security policies and multi-factor authentication
  • Simplified User Experience: Seamless login without additional passwords to remember

How SAML Works with Signals

The SAML integration follows a standard flow:
  1. User initiates login to Signals
  2. Signals redirects the user to your identity provider (e.g., Microsoft Entra ID)
  3. User authenticates with your identity provider
  4. Identity provider sends a SAML assertion back to Signals
  5. Signals validates the assertion and grants access to the authenticated user

Supported Identity Providers

Signals currently supports SAML integration with:
  • Microsoft Entra ID (formerly Azure AD) - Full documentation available
  • Okta - Contact support for configuration details
  • OneLogin - Contact support for configuration details
  • ADFS - Contact support for configuration details
  • Custom SAML 2.0 Providers - Contact support for compatibility verification

Prerequisites

Before setting up SAML integration, ensure you have:

On the Identity Provider Side

  • Administrative access to your identity provider
  • Ability to create and configure enterprise applications
  • Permission to assign users to applications
  • Understanding of your organization’s user management policies

On the Signals Side

  • Administrative access to your Signals account
  • Understanding of your desired user roles and permissions
  • Access to invite and manage users in the platform

SAML Configuration Overview

Setting up SAML with Signals involves several key steps:
  1. Configure your Identity Provider
    • Create a new enterprise application for Signals
    • Configure SAML settings and certificates
    • Set up user attributes and claims
    • Assign users to the application
  2. Configure Signals
    • Obtain service provider metadata
    • Configure environment variables
    • Test the SAML integration
  3. User Management
    • Invite users to the Signals platform
    • Assign appropriate roles and permissions
    • Test user login flow

Security Features

Signals SAML integration includes robust security features:

Assertion Validation

  • Digital Signature Verification: All SAML assertions are validated using your IdP’s signing certificate
  • Timestamp Validation: Assertions are checked for validity periods to prevent replay attacks
  • Audience Restriction: Assertions are validated to ensure they’re intended for Signals

Session Management

  • Secure Session Storage: User sessions are stored securely in Redis
  • HTTP-Only Cookies: Session cookies are protected from client-side script access
  • Proper Logout: Both IdP and application sessions are terminated during logout

Data Protection

  • Encrypted Communication: All SAML exchanges use HTTPS encryption
  • Minimal Data Collection: Only necessary user attributes are processed
  • Audit Logging: Authentication events are logged for security monitoring

User Attributes and Claims

Signals requires specific user attributes to function properly:
AttributeSAML Claim URISourceRequired
Emailhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressuser.mail✅ Yes
First Namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameuser.givenname✅ Yes
Last Namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnameuser.surname✅ Yes
User Principal NameName IDuser.userprincipalname✅ Yes

Getting Started

Ready to set up SAML with Signals? Follow these steps:
  1. Choose your identity provider from our supported list
  2. Review the specific integration guide for your provider
  3. Gather necessary information such as metadata URLs and certificates
  4. Follow the step-by-step configuration instructions
  5. Test the integration with a pilot group of users
  6. Roll out to your organization once testing is complete

Support and Resources

Documentation

API Endpoints

For reference, Signals provides these SAML endpoints:
  • Metadata: https://app.getsignals.ai/api/core/auth/azure/saml/metadata
  • Login: https://app.getsignals.ai/api/core/auth/azure/saml/login
  • Callback: https://app.getsignals.ai/api/core/auth/azure/saml/callback
  • Logout: https://app.getsignals.ai/api/core/auth/azure/saml/logout

Getting Help

  • Technical Support: Contact your Signals support team for integration assistance
  • Documentation Issues: Report any documentation problems or suggestions
  • Feature Requests: Submit requests for additional identity provider support

Next Steps

Choose your integration path:

Microsoft Entra ID Setup

Complete guide for configuring SAML with Microsoft Entra ID

User Management

Learn how to invite and manage users for SAML authentication
For other identity providers or custom configurations, please contact our support team for assistance.