# Single Sign-On (SSO) Setup – SAML

## 🔐 Set Up SAML SSO (Enterprise)

Metaforms supports **Single Sign-On (SSO) via SAML** for secure and centralized access control.

Our SAML integration is powered by Supabase, and setup is typically quick as long as your Identity Provider (IdP) supports SAML 2.0.

You can view the list of supported providers here:\
<https://supabase.com/docs/guides/auth/enterprise-sso/auth-sso-saml>

If you use Microsoft Entra/ Azure AD you can refer to this guide for getting started: <https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso>

### 📋 Prerequisites

Before starting the setup, please ensure:

1. SSO is enabled on your Enterprise plan.
2. You have admin access to your Identity Provider (Okta, Azure AD, Google Workspace, etc.).
3. Your users share a common email domain (for example, @yourcompany.com).

### 🏗 Step 1: Create a SAML Application in Your Identity Provider

1. Log in to your Identity Provider.
2. Create a new **SAML 2.0 application**.
3. Configure the application using the following details:

**Entity ID (Identifier):**\
<https://data.metaforms.ai/auth/v1/sso/saml/metadata>

**Reply URL (ACS URL):**\
<https://data.metaforms.ai/auth/v1/sso/saml/acs>

**Relay State (Optional):**\
<https://app.metaforms.ai/>

The Relay State ensures users are redirected to the Metaforms application after authentication.

### 📩 Step 2: Share Required Details with Metaforms

Once the SAML application is configured, share the following with the Metaforms team:

1. Your **SAML Metadata URL**
2. Your **SSO Domain** (the email domain your users will use to log in)

Example:

Metadata URL: <https://your-idp.com/saml/metadata>\
SSO Domain: yourcompany.com

### ⚙️ Step 3: Metaforms Configuration

1. We will configure SSO on our end using the information provided.
2. We will notify you once the setup is complete.
3. You can then proceed with testing the login flow.

### Step 4: Testing the Integration

1. Navigate to the Metaforms login page.
2. Enter your company email address.
3. You will be redirected to your Identity Provider for authentication.
4. After successful authentication, you will be redirected back to Metaforms.

### 🛠 Troubleshooting

If users experience login issues:

1. Confirm that the SAML Metadata URL is correct and accessible.
2. Confirm that the email domain matches the configured SSO domain.
3. Confirm that the ACS URL and Entity ID are entered exactly as shown above.
4. Confirm that users are assigned to the SAML application in your Identity Provider.

If you need assistance at any stage, please contact the Metaforms support team.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.metaforms.ai/setup/single-sign-on-sso-setup-saml.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.