Single Sign-On (SSO) with SAML

Single Sign-On (SSO) allows your team members to log in to Arcade using your organization’s identity provider.

This is an Enterprise plan feature

Arcade supports SAML 2.0 using SP-initiated SSO, and integrates with providers like Auth0, Okta, Entra, and JumpCloud.

What is supported?

Protocol: SAML 2.0
Initiation: SP-initiated login
SSO URL: Custom Arcade SSO URL (provided after setup)
Callback (ACS) URL: https://app.arcade.software/__/auth/handler
Entity ID: urn:app.arcade.software

How do I configure SSO with SAML for my Arcade team?

There are two main parts to SAML setup: creating an app in your identity provider (IdP) and registering it with Arcade.

1. Create a new SAML application in your identity provider

When setting up Arcade in your IdP (e.g. Okta, Auth0), use the following values:

Entity ID: urn:app.arcade.software
ACS URL (Callback URL): https://app.arcade.software/__/auth/handler

These values are required for successful SAML assertions.

Send one of the following to support@arcade.software:

SAML metadata XML file (preferred)
A metadata URL
Or these individual fields:
- Entity ID / Issuer
- SSO Login URL
- X.509 Certificate

Once we receive this information, we’ll configure your SAML connection and send you back a dedicated Arcade SSO login URL. You can use this directly or select Continue with SSO on the Arcade login screen.

What else needs to be configured on our side?

Be sure to allow the following callback URL in your IdP settings:

arduinoCopy codehttps://app.arcade.software/__/auth/handler

This is required for authentication to complete successfully.

Provider-Specific Configuration

How do I configure SAML with Auth0?

You can manually configure a new SAML app in Auth0 using the standard method, or with the SAML 2.0 Add-On. If using the add-on:

⚠️ Important note for Auth0's SAML 2.0 Add-On

Ensure the NameID is set to the user’s email address by configuring nameIdentifierProbes like so:

jsonCopy code{
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

This ensures that Arcade receives the user’s email, which is required for login.

See also: Auth0: Manually configure SSO integrations

How do I configure SAML with Okta?

Follow Okta’s guide to create a new SAML app integration and use Arcade’s ACS and Entity ID values as described above.

PreviousGeneral Security NextGDPR Requirements

Last updated 26 days ago

Was this helpful?

Provider-Specific Configuration

How do I configure SAML with Auth0?

You can manually configure a new SAML app in Auth0 using the standard method, or with the SAML 2.0 Add-On. If using the add-on:

⚠️ Important note for Auth0's SAML 2.0 Add-On

Ensure the NameID is set to the user’s email address by configuring nameIdentifierProbes like so:

jsonCopy code{
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

This ensures that Arcade receives the user’s email, which is required for login.

See also: Auth0: Manually configure SSO integrations

How do I configure SAML with Okta?

Follow Okta’s guide to create a new SAML app integration and use Arcade’s ACS and Entity ID values as described above.

What is supported?

How do I configure SSO with SAML for my Arcade team?

1. Create a new SAML application in your identity provider

2. Share your SAML metadata with Arcade

What else needs to be configured on our side?

Provider-Specific Configuration

How do I configure SAML with Auth0?

⚠️ Important note for Auth0's SAML 2.0 Add-On

How do I configure SAML with Okta?

What is supported?

How do I configure SSO with SAML for my Arcade team?

1. Create a new SAML application in your identity provider

2. Share your SAML metadata with Arcade

What else needs to be configured on our side?

Provider-Specific Configuration

How do I configure SAML with Auth0?

⚠️ Important note for Auth0's SAML 2.0 Add-On

How do I configure SAML with Okta?