Organizations

Enable SAML SSO for the organization

To enable SSO for a custom SAML connection, please send an email to help@perchsecurity.com and provide the following information:

  1. IdP Domain(s) - usually the same as the primary email domain of the requesting organization. If the email address is jsmith@perch.rocks, the IdP domain is perch.rocks
  2. Sign In URL - example: https://auth.perch.rocks/login
  3. X509 Signing Certificate - the IdP's public SAML signing certificate, encoded in PEM or CER format
  4. Sign Out URL - example: https://auth.perch.rocks/login

On the IdP, configure the settings below.

Perch Support will provide the value for YOURCONNNAME in their response once the connection is set up.

Common settings

These are the parameters used to configure a SAML Identity Provider (IdP):

  • The post-back URL (also called Assertion Consumer Service URL) is: https://access.perchsecurity.com/login/callback?connection=YOURCONNNAME
  • The Entity ID of the Service Provider is: urn:auth0:perchsecurity:YOURCONNNAME
  • Attribute mapping: ensure your email address attribute (e.g. E-Mail-Address, mail) maps to email.

Signed assertions

By default, SAML assertions for IdP connections are signed, which we recommend. You can use the following public keys to configure the IdP:

  • CER
  • PEM
  • raw PEM
  • PKCS#7
  • Fingerprint

Metadata

Some SAML Identity Providers can import metadata directly, which carries all the required information. The metadata for your connection is available from Auth0 at:

https://access.perchsecurity.com/samlp/metadata?connection=YOURCONNNAME
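As an added example (not Perch's or Auth0's own code), the script below shows how an administrator can cross-check the IdP-side settings from the "Common settings" section against the SP metadata document served at the URL above, and how the certificate "Fingerprint" format listed under "Signed assertions" is derived from a certificate's DER bytes. It assumes the metadata is a standard SAML 2.0 EntityDescriptor; the sample metadata and both IdP settings dictionaries are constructed for the example, YOURCONNNAME stands in for the connection name Perch Support assigns, and the certificate body is placeholder bytes rather than a real X.509 certificate.

```python
"""Cross-check IdP-side SAML settings against the Service Provider metadata."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Placeholder certificate body: base64 of arbitrary bytes, NOT a real X.509 cert,
# so the example runs offline. A real metadata document carries the DER cert here.
PLACEHOLDER_CERT_B64 = base64.b64encode(b"placeholder-not-a-real-certificate").decode()

# Constructed SP metadata, shaped like a SAML 2.0 EntityDescriptor for the SP.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="urn:auth0:perchsecurity:YOURCONNNAME">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{PLACEHOLDER_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://access.perchsecurity.com/login/callback?connection=YOURCONNNAME"
        index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP-side settings: what an admin typed into the IdP. 'email_attribute_target'
# is the name the IdP emits for the user's email attribute (should be "email").
GOOD_IDP_SETTINGS = {
    "sp_entity_id": "urn:auth0:perchsecurity:YOURCONNNAME",
    "acs_url": "https://access.perchsecurity.com/login/callback?connection=YOURCONNNAME",
    "email_attribute_target": "email",
    "sign_in_url": "https://auth.perch.rocks/login",
}
BAD_IDP_SETTINGS = dict(GOOD_IDP_SETTINGS,
                        sp_entity_id="urn:auth0:perchsecurity:yourconnname",  # case typo
                        email_attribute_target="mail")                      # not mapped to email


def parse_sp_metadata(xml_text):
    """Return the entityID, ACS URLs and signing certificates from SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    acs_urls = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)]
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((c.text or "").split()))  # strip PEM-style line wrapping
    return {"entity_id": root.get("entityID"), "acs_urls": acs_urls, "signing_certs": certs}


def fingerprint_der(der_bytes, algo="sha256"):
    """Certificate fingerprint: hash of the DER encoding, shown as colon-separated hex."""
    digest = hashlib.new(algo, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_b64(b64_cert, algo="sha256"):
    """Fingerprint of a base64 certificate body as it appears in <ds:X509Certificate>."""
    return fingerprint_der(base64.b64decode(b64_cert), algo)


def check_idp_settings(meta, idp, conn_name):
    """Return a list of mismatches between the IdP settings and the SP metadata."""
    problems = []
    expected_entity = f"urn:auth0:perchsecurity:{conn_name}"
    if meta["entity_id"] != expected_entity:
        problems.append(f"metadata entityID {meta['entity_id']!r} != {expected_entity!r}")
    if idp["sp_entity_id"] != meta["entity_id"]:
        problems.append(f"IdP has SP entity ID {idp['sp_entity_id']!r}, metadata says {meta['entity_id']!r}")
    if idp["acs_url"] not in meta["acs_urls"]:
        problems.append(f"IdP post-back URL {idp['acs_url']!r} is not an ACS URL in the metadata")
    if idp["email_attribute_target"] != "email":
        problems.append(f"email attribute maps to {idp['email_attribute_target']!r}, expected 'email'")
    if not idp["sign_in_url"].startswith("https://"):
        problems.append("Sign In URL is not HTTPS")
    if not meta["signing_certs"]:
        problems.append("metadata publishes no signing certificate to pin on the IdP")
    return problems


if __name__ == "__main__":
    meta = parse_sp_metadata(SAMPLE_METADATA)
    print("SP signing cert SHA-256 fingerprint:", fingerprint_b64(meta["signing_certs"][0]))
    for label, cfg in (("good", GOOD_IDP_SETTINGS), ("bad", BAD_IDP_SETTINGS)):
        print(label, "->", check_idp_settings(meta, cfg, "YOURCONNNAME") or "OK")
```

Against a real connection, replace SAMPLE_METADATA with the body fetched from the metadata URL and compare the printed fingerprint with the one pinned on the IdP; a mismatch there, or any entry in the returned problem list, is a configuration error to resolve before enabling SSO for users.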