Setting Up SAML Single Sign-On (SSO) with Forj
Forj supports SAML 2.0, which allows your organization to use your preferred Identity Provider (IdP) for authentication. This guide outlines the values your IdP will provide to Forj, the values Forj provides to your IdP, and how to complete setup within your Forj community.
Values Forj Needs from Your Identity Provider (IdP)
When configuring Forj as a SAML Service Provider (SP), you’ll need to collect the following details from your IdP:
Metadata URL (or XML File)
Many IdPs provide a metadata URL or XML file that includes the necessary configuration details.
Look for terms such as “Metadata URL,” “Federation Metadata,” or “SAML Metadata.”
Example format: https://your-idp.com/.well-known/saml/metadata.xml
SSO Target URL (IdP Login URL)
This is the URL your users are redirected to when initiating login.
Sometimes labeled “Single Sign-On URL” or “IdP-Initiated Login URL.”
Example format: https://your-idp.com/idp/login
Certificate Fingerprint ID (SHA-1)
Your IdP will provide a signing certificate used to secure authentication requests.
Export or download the certificate from your IdP and decode it using a certificate tool (e.g., Certificate Decoder).
From the decoded certificate, copy the SHA-1 fingerprint value and format it according to your IdP’s requirements.
Values Your Identity Provider Needs from Forj
During IdP configuration, you’ll need to provide the following details from Forj:
Callback (ACS) URL
This is the Assertion Consumer Service (ACS) endpoint where the IdP sends authentication responses.
Format: https://your-domain.mobilize.io/users/auth/saml/callback
Start URL
The base domain of your Forj community.
Format: https://your-domain.mobilize.io
Entity ID
A unique identifier for your Forj community as a SAML Service Provider.
Format: https://your-domain.mobilize.io/users/auth/saml/metadata
ACS URL
This will be the same as the Callback URL above.
Configuring SAML in Forj
Sign into your community as a Community Manager or Account Owner.
Navigate to Community Settings > Authentication.
Toggle Single Sign-On on, and select SAML Configuration.
Set the group that members are automatically added to when they connect for the first time.
Enter the details you collected from your IdP:
Metadata URL (or IdP Entity ID)
SSO Target URL
Certificate Fingerprint ID (SHA-1)
Save your changes.
Your SAML integration should now be active. Users will be able to sign into Forj using your organization’s identity provider.