All Collections
Back up and Security
How to Setup Single Sign On (SSO) Login in the Public Cloud Environment
How to Setup Single Sign On (SSO) Login in the Public Cloud Environment

What are the steps to setup a single sign on login service for workspaces in the public cloud environment

Ilya letnik avatar
Written by Ilya letnik
Updated over a week ago

In order to set up the service, please contact support via the messenger or at [email protected]. Labguru will provide you with an XML metadata file.

How to do the setup

  1. Create a new application for Labguru

  2. The entityID value from the metadata file should be added to the entityID field in your SSO service setup. The Reply URL for Multi-Tenants is: and for private servers it is - https://{private server url}/single_sign_on

  3. Setup the attributes and claims exactly as in the screenshot below

    (example from Azure)


If the following error appears after setting up SSO

It means that the value has quotes around it, meaning the doesn’t exist as a default value and therefore cannot be added without quotes (image 2)
To resolve this issue the following steps should be performed:
1. Create a new claim named :email (image 3)
2. In the source attribute field choose user.mail (image 3)
3. If user.mail already exists as a value of another claim (image 4) - delete the claim
4. Download the XML file again and send it to us

Setup in OKTA:

Note: The Single Sign-On URL on the General section varies depending on the account server.

4. In exchange, Labguru will require a metadata file (SAML metadata) with a description of the IDP (that supports SAML 2.0) that you can download after the attributes were set up as described above, the file should contain the following attributes:

  • EntityId

  • A valid self-signed X.509 certificate

  • Single Sign-On Service Endpoint

  • NameID format (from the SAML 2.0 supported options)

*in order to download the metadata file go to Sign On tab in the application ->SAML Signing Certificates -> section -> Actions

In addition, we will need to know the initiation method (IDP-Initiated or SP-Initiated).

5. Send us the XML file and a screenshot of the attributes and claims setup

Once the functionality is enabled by Labguru, all users in the organization will be able to login using the SSO service.

Did this answer your question?