Skip to main content
This guide walks through configuring SAML SSO with OneLogin as your identity provider.
Email addresses in and Tuple must match exactly. For example, dev+tuple@company.com does not match dev@company.com. Verify your team’s email addresses before enabling SSO.
1

Create a SAML connector

After signing in to your OneLogin account, click Applications > Applications in the top navigation bar.Add SSO SAML AppIn the search field, enter SAML Test and select SAML Test Connector (Advanced) from the results.Locate App From SearchFill in any required metadata, upload company logos, and save the new application.SAML Metadata
2

Configure Tuple's metadata

After saving, click Configuration in the left-hand sidebar.Tuple MetadataFill in the following fields:Audience (EntityID)
https://production.tuple.app/users/saml/metadata
Recipient
https://production.tuple.app/users/saml/auth
ACS (Consumer) URL Validator
https:\/\/production.tuple.app\/users\/saml\/auth
ACS (Consumer) URL
https://production.tuple.app/users/saml/auth
Login URL
https://production.tuple.app
3

Attach required parameters

Navigate to the Parameters section in the sidebar and click the plus button to add new fields.Tuple requires three fields in the SSO response: email, first_name, and last_name.Add User ParametersWhen adding each field, check the Include in SAML Assertion checkbox.Check assertionRepeat for first_name and last_name.Adding First NameOnce all required parameters are added, the screen looks like this:All Required Tuple Params
4

Enable SAML in Tuple

Download your X.509 certificate. Click SSO in the sidebar and find the link to View Details:View certificateClick Download to save the certificate file.Download certificateReturn to the SSO screen and locate the Issuer URL and SAML 2.0 Endpoint (HTTP).Entity ID and auth URLNavigate to the Settings tab of the team management dashboard.
Only team owners can access this page. To find out who your team owner is, check your profile.
Toggle Enable SAML to reveal the configuration form:SAML configuration form in TupleFill in the values with your metadata:Click Save Configuration to enable SAML for your team. Active sessions persist, but new logins are routed through . Log in at production.tuple.app/saml_check/new to verify the configuration.