![Libryo_Small_Use_Green (1).png]](https://success.libryo.com/hs-fs/hubfs/Libryo_Small_Use_Green%20(1).png?height=42&name=Libryo_Small_Use_Green%20(1).png){kind=small}
SAML Authentication Integration Guide for Libryo Sites
A comprehensive walkthrough for integrating SAML authentication with Libryo Sites, ensuring secure access management across identity providers
Last updated July 2025
This guide provides step-by-step instructions on how to integrate SAML (Security Assertion Markup Language) authentication for your organization with Libryo Sites acting as the service provider or relying party. SAML enables secure, single sign-on (SSO) between your identity provider (IdP) and Libryo Sites.
1. Configuring Service Providers in Identity Provider
- Supported Identity Providers:
- Azure
- Okta
- Onelogin
- Ping Identity
- Custom SAML 2.0 Provider
2. Required URLs from Libryo Sites' Side
During the configuration process in your identity provider, you will be prompted to provide specific URLs from Libryo Sites' side. Please use the following URLs:
-
Assertion Consumer Service URL (ACS/Reply URL):
- URL: https://my.libryo.com/auth/saml/{org_identifier}/callback
- This URL is where the identity provider sends the SAML assertion after a user has been authenticated.
-
Identifier (Entity ID):
- URL: https://my.libryo.com/auth/saml/{org_identifier}/metadata
-
The Entity ID uniquely identifies the Libryo Sites service provider to the identity provider. It is used during the configuration process.
-
ERM Libryo Metadata URL:
- URL: https://my.libryo.com/auth/saml/{org_identifier}/metadata
- This URL provides metadata about the Libryo Sites service provider, including supported bindings, endpoints, and certificates. It is used by the identity provider to configure the service provider settings.
-
ERM Libryo Single Login URL:
- URL: https://my.libryo.com/auth/saml/{org_identifier}
- This URL is used by users to initiate the single sign-on process. The users will be redirected to this URL to authenticate through the identity provider.
-
ERM Libryo Single Logout URL:
- URL: https://my.libryo.com/auth/saml/{org_identifier}/logout
- This URL is used to initiate single logout, allowing users to log out of all connected services, including Libryo Sites, in a federated environment.
3. Set Up Assertions/Attributes/Claims
During the configuration process in your identity provider, ensure that the following assertions/attributes/claims are set up:
- First Name
- Last Name
- NameID (a unique identifier, not necessarily the email)
4. Enable SAML Authentication
In your Libryo Sites organization settings:
- Turn on "Enable SAML authentication for this organization."
- Complete the required fields using the information provided above.
- Click on "Save."
For additional support or troubleshooting, refer to your identity provider's documentation or contact Libryo Support.
Have any questions?
At Libryo, we really want all our users to get the most from our system. We hope that this article was useful. If you still have some questions, please contact us.