Skip to Content
How-To GuidesConfigure SSO

Configure SSO

This guide walks you through setting up SAML Single Sign-On for your Slim.io organization.

Time required: 10–15 minutes

Prerequisites:

  • Admin access to the Slim.io Customer Dashboard
  • Admin access to your identity provider (Entra ID, Okta, or Google Workspace)

Step 1: Open Identity Settings

  1. Navigate to Settings > Identity in the Customer Dashboard.
  2. Click Add Connection.
  3. Select your identity provider from the list.

Slim.io displays its SP metadata that you will need for the IdP configuration:

  • Entity ID: https://slim.io/saml/metadata
  • ACS URL: https://slim.io/saml/acs

Step 2: Configure Your Identity Provider

For Entra ID (Azure AD)

  1. In Azure Portal, go to Enterprise Applications > New Application.
  2. Select Create your own application (Non-gallery).
  3. Go to Single sign-on > SAML.
  4. Set Identifier: https://slim.io/saml/metadata.
  5. Set Reply URL: https://slim.io/saml/acs.
  6. Under Attributes & Claims, verify email maps to user.mail.
  7. Download the Certificate (Base64) and copy the Login URL.

For Okta

  1. In Okta Admin Console, go to Applications > Create App Integration > SAML 2.0.
  2. Set SSO URL: https://slim.io/saml/acs.
  3. Set Audience URI: https://slim.io/saml/metadata.
  4. Set Name ID format: EmailAddress.
  5. Add attribute: email = user.email.
  6. Copy the Identity Provider Metadata URL.

For Google Workspace

  1. In Google Admin Console, go to Apps > Web and mobile apps > Add SAML app.
  2. Set ACS URL: https://slim.io/saml/acs.
  3. Set Entity ID: https://slim.io/saml/metadata.
  4. Set Name ID format: EMAIL.
  5. Download the IdP metadata XML.

Step 3: Enter IdP Details in Slim.io

Back in the Slim.io Identity settings:

  1. Paste the IdP SSO URL (Login URL).
  2. Paste the IdP Entity ID.
  3. Upload or paste the IdP Certificate (PEM or Base64 format).
  4. Alternatively, paste the Metadata URL and Slim.io will extract the values automatically.

Step 4: Test the Connection

  1. Click Test Connection.
  2. A new window opens with the IdP login page.
  3. Sign in with your IdP credentials.
  4. On success, you are redirected back to Slim.io with a confirmation message.

If the test fails, check: (1) the ACS URL matches exactly, (2) the certificate is valid and not expired, (3) the user’s email exists in the IdP.

Step 5: Activate SSO

  1. After a successful test, click Activate.
  2. Choose whether to enforce SSO (disable email/password login) or offer it as an option.
  3. If enforcing, confirm that at least one admin retains recovery access.

Step 6: Verify User Access

  1. Have a team member sign out and sign back in.
  2. They should be redirected to the IdP login page.
  3. After IdP authentication, they land in the Slim.io dashboard.
  4. New users (JIT provisioning) appear with the Viewer role in the Default workspace.

Post-Setup

  • Assign roles: Promote JIT-provisioned users from Viewer to Editor or Admin as needed
  • Configure group mapping: Map IdP groups to Slim.io roles under Settings > Identity > Role Mapping
  • Monitor: Check the audit log for SSO login events under Settings > Audit Log

Next Steps

Last updated on
Run Your First ScanCreate a Custom Classifier