Reshape

This guide outlines the steps to configure SAML-based Single Sign-On (SSO) for your account. Enabling SSO allows your team members to log in securely and conveniently using your company's existing identity provider (IdP), such as:

- Microsoft Entra ID (Azure AD)
- Google Workspace
- Okta
- Other SAML-based Identity Providers

Our SSO integration supports Just-in-Time (JIT) provisioning, which means user accounts are automatically created in our system the first time a new user signs in. This eliminates the need for manual invitations and streamlines your onboarding process. 🔐

___________________________________________________________

To begin, please contact your Reshape Biotech account representative or support team with the following information:

Your Identity Provider Name (e.g., Okta, Azure AD, Google, etc.).

The Email Domain(s) you wish to enable for SSO.

1. Your Identity Provider Name (e.g., Okta, Azure AD, Google, etc.).
2. The Email Domain(s) you wish to enable for SSO.

Once we receive this, we will provision the connection on our end and generate the following configuration values for you:

ACS URL (Assertion Consumer Service / Single Sign-On URL)

- Entity ID (Audience URI)
- ACS URL (Assertion Consumer Service / Single Sign-On URL)

Once you receive the Entity ID and ACS URL from us, create a new SAML 2.0 application in your IdP.

CRITICAL: Attribute Mapping For the connection to work, your IdP must send specific user data to Reshape. If these are missing, users will encounter a <code>saml_user_attribute_missing</code> error.

Please ensure the following attributes are mapped:

After configuring your IdP, we need to complete the handshake. Please provide us with one of the following:

1. Metadata URL
2. Metadata XML file

Once we receive your metadata, we will activate the connection and notify you.

Note: Please ensure you have assigned the relevant users or groups to the application in your IdP before testing the login.

Once we confirmed the connection is active, the last step is to do a final test login. 

If you are a new customer you should already have some accounts to try the login with.

Otherwise, please inform us which accounts to invite to Discovery.

Attempt the final login and let us know of any issues you might have!

No SCIM support: Our authentication platform doesn’t support SCIM yet, but it is planned. This means accounts deleted/disabled in your IdP won’t be able to log in, but their existing sessions (if they are logged in) will be valid until they expire (currently max session is 30 days). If you need an account disabled immediately, a group admin can disable the user in the <a href="https://discovery.reshapebiotech.com/settings" rel="nofollow noopener noreferrer" target="_blank">discovery settings page</a>.

User access control: Be aware that you can control which users can access the Reshape Biotech Platform from the IdP side. Consider if its relevant to provide access to a subset of users.

Automatic User Provisioning: With JIT provisioning, a user's account will be created automatically upon their first successful SSO login. There is no need to invite users manually beforehand.

Permission Management: User roles and permissions are managed directly within our platform and do not sync from your IdP. An administrator will need to assign the appropriate permissions to new users after their first login.

- No SCIM support: Our authentication platform doesn’t support SCIM yet, but it is planned. This means accounts deleted/disabled in your IdP won’t be able to log in, but their existing sessions (if they are logged in) will be valid until they expire (currently max session is 30 days). If you need an account disabled immediately, a group admin can disable the user in the <a href="https://discovery.reshapebiotech.com/settings" rel="nofollow noopener noreferrer" target="_blank">discovery settings page</a>.
- User access control: Be aware that you can control which users can access the Reshape Biotech Platform from the IdP side. Consider if its relevant to provide access to a subset of users.
- Automatic User Provisioning: With JIT provisioning, a user's account will be created automatically upon their first successful SSO login. There is no need to invite users manually beforehand.
- Permission Management: User roles and permissions are managed directly within our platform and do not sync from your IdP. An administrator will need to assign the appropriate permissions to new users after their first login.

If you're ready to get started or have any questions, please reach out to our support team.

How to Set Up SAML SSO for Your Organization

Create a custom design with text, images, and links

Research & development

Applications

Reshape API

Quality control

ISO methods

Product updates

Customer stories

Solutions

Explore

Resources

Open Discovery

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Attribute Name	Data to Map (Description)
`email`	The user's email address [Required]
`firstName`	The user's first name
`lastName`	The user's last name

How to Set Up SAML SSO for Your Organization

Step 1: Initiate the Request

Step 2: Configure Your Identity Provider

Step 3: Exchange Metadata

Step 4: Final Test Login

Important Notes