Copy the service-provider values
- Open Single sign-on and begin a SAML 2.0 connection.
- Copy the entity ID and assertion consumer service URL exactly as displayed.
- Create a SAML application in the identity provider using those values.
Add identity-provider metadata
- Use the provider metadata URL when available so endpoints and signing certificates can be validated together.
- Otherwise upload or paste the metadata XML supplied by the identity provider.
- Map a stable unique subject identifier and the required email, name, group, and school claims.
- Restrict accepted domains and select a safe default role.
Test before enforcement
Confirm the response issuer, audience, destination, timestamps, signature, subject, and required attributes. Rotate expiring signing certificates before the provider removes the previous certificate.