SAML 2.0 Setup
Configure Single Sign-On using SAML 2.0 for identity providers that support the SAML protocol. This guide covers generic SAML setup applicable to any compliant IdP.
Prerequisites
- A SAML 2.0 compliant identity provider (Okta, Azure AD, OneLogin, PingFederate, etc.)
- Admin access to your identity provider to create and configure applications
- A SecureCodingHub Org Admin account
Service Provider Details
These values are needed when configuring SecureCodingHub in your identity provider:
| Setting | Value |
|---|---|
| SP Entity ID | https://api.securecodinghub.com |
| ACS URL (Assertion Consumer Service) | https://api.securecodinghub.com/api/sch/auth/sso/callback/saml |
| SP Metadata URL | https://api.securecodinghub.com/api/sch/auth/sso/metadata |
| Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Binding | HTTP-POST |
Step 1 — Configure Your Identity Provider
1. Create a new SAML application
   In your identity provider's admin console, create a new SAML 2.0 application for SecureCodingHub.
2. Set the ACS URL and Entity ID
   Copy the ACS URL and SP Entity ID from the Service Provider Details table above into your IdP's application configuration.
3. Configure attribute mapping
   Map the required email attribute as the NameID. Optionally map firstName and lastName attributes for automatic profile population.
4. Download or copy the IdP metadata URL
   You will need your IdP's metadata URL (or signing certificate) in the next step when configuring SecureCodingHub.
Step 2 — Configure SAML in SecureCodingHub
1. Open SSO Settings
   Log in as an Org Admin and navigate to SSO Settings from the sidebar.
2. Select SAML protocol
   Choose SAML as the SSO protocol from the dropdown.
3. Enter IdP Metadata URL
   Paste your identity provider's metadata URL. This allows SecureCodingHub to automatically discover endpoints and certificates.
4. Add signing certificate (optional)
   If your IdP does not expose a metadata URL, paste the IdP signing certificate directly.
5. Enable SSO and save
   Toggle SSO on and click Save to activate SAML authentication for your organization.
Step 3 — Test
1. Open an incognito window
   Use a private/incognito browser window to avoid session conflicts with your admin account.
2. Navigate to the SSO login page
   Go to app.securecodinghub.com and click Sign in with SSO.
3. Enter your corporate email
   The system will detect your organization's SSO configuration and redirect you to your IdP.
4. Authenticate at your IdP
   Complete the login flow at your identity provider. You should be redirected back to SecureCodingHub and logged in automatically.
Attribute Mapping
SecureCodingHub reads the following attributes from the SAML assertion:
| SAML Attribute | SecureCodingHub Field | Required |
|---|---|---|
| NameID (email format) | Email | Yes |
| firstName / givenName | First Name | No |
| lastName / surname | Last Name | No |
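To check what the IdP actually sends during the Step 3 test, the following added example (not SecureCodingHub code) decodes a captured SAMLResponse form value and compares it with the Service Provider Details and attribute mapping tables. The function name, the sample user and the unsigned sample response are constructed for illustration; it is a configuration diagnostic and does not verify the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

# Values from the Service Provider Details table on this page.
SP_ENTITY_ID = "https://api.securecodinghub.com"
ACS_URL = "https://api.securecodinghub.com/api/sch/auth/sso/callback/saml"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(b64_response):
    """Return (problems, profile). Diagnostic only: no signature verification."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems, profile = [], {}
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not contain the SP Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing")
    else:
        profile["email"] = name_id.text.strip()
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
    # Optional attributes, under either name the mapping table accepts.
    attrs = {}
    for attr in root.findall(".//a:Attribute", NS):
        value = attr.find("a:AttributeValue", NS)
        if value is not None and value.text:
            attrs[attr.get("Name")] = value.text.strip()
    for field, names in (("first_name", ("firstName", "givenName")),
                         ("last_name", ("lastName", "surname"))):
        for name in names:
            if name in attrs:
                profile[field] = attrs[name]
                break
    return problems, profile

# Constructed sample (unsigned, hypothetical user), shaped like an IdP's POST.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}" Destination="{ACS_URL}">
<saml:Assertion><saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">dev@example.com</saml:NameID></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="givenName"><saml:AttributeValue>Dana</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
SAMPLE = base64.b64encode(SAMPLE_XML.encode()).decode()
```

An empty problem list means the IdP-side values from Step 1 match this page; any entry names the setting to correct in the IdP application.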
Certificate expiration: SAML certificates expire. Set a calendar reminder to rotate your certificate before expiration to avoid login disruptions.