This guide provides step-by-step instructions for configuring popular identity providers to work with PageCrawl's SAML SSO.

Before you begin, ensure you have:

• Access to your identity provider's admin console
• PageCrawl Enterprise plan with SSO enabled
• Team owner's verified corporate email address

Get Your Service Provider Information

IMPORTANT: Complete this step first before configuring your Identity Provider

1. Navigate to Settings → Team → Single Sign-On (SSO) in PageCrawl

2. Copy the Metadata URL shown in the blue Service Provider information box

   • It will look like: https://pagecrawl.io/sso/saml/abc-123-def-456/metadata
   • Important: Copy the actual URL from PageCrawl, not this example

3. Keep this URL handy - most Identity Providers can automatically import all configuration from this metadata URL

Note: If your IdP doesn't support metadata import, copy the individual URLs from PageCrawl (they will also be shown in the same box):

• Reply URL (Assertion Consumer Service URL)
• Sign on URL
• Logout URL

Additional information for reference:

• NameID Format: Email Address (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress)
• Binding: HTTP-POST for ACS, HTTP-Redirect for Single Sign-On

---

Azure AD / Microsoft Entra ID

Step 1: Create Enterprise Application

1. Sign in to the Azure Portal
2. Navigate to Azure Active Directory → Enterprise Applications
3. Click New application
4. Click Create your own application
5. Name it "PageCrawl" and select Integrate any other application you don't find in the gallery (Non-gallery)
6. Click Create

Step 2: Configure SAML

1. In your PageCrawl application, click Single sign-on in the left menu
2. Select SAML as the single sign-on method
3. In section 1. Basic SAML Configuration, click Edit and enter:
   • Identifier (Entity ID): Paste your Entity ID from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../metadata)
   • Reply URL (ACS URL): Paste your Reply URL from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../acs)
4. Click Save

Step 3: Configure Attributes & Claims

The default Name ID (user.mail) is sufficient. No additional changes needed.

Step 4: Download Metadata

1. In section 3. SAML Signing Certificate, copy the App Federation Metadata Url
2. In PageCrawl SSO settings, paste this URL in the Metadata URL field
3. Click Parse Metadata from URL

Step 5: Assign Users

1. Navigate to Users and groups
2. Click Add user/group
3. Select users or groups who should have access to PageCrawl
4. Click Assign

---

Google Workspace

Step 1: Create Custom SAML Application

1. Sign in to your Google Admin Console
2. Go to Apps → Web and mobile apps
3. Click Add app → Add custom SAML app
4. Enter "PageCrawl" as the app name
5. Click Continue

Step 2: Download Google IdP Metadata

1. On the Google Identity Provider details page, click Download Metadata
2. Save the XML file
3. Click Continue

Step 3: Configure Service Provider Details

1. Enter the following values:
   • ACS URL: Paste your Reply URL from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../acs)
   • Entity ID: Paste your Entity ID from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../metadata)
   • Start URL: Leave empty
   • Name ID format: EMAIL
   • Name ID: Basic Information > Primary email
2. Click Continue
3. Click Finish (skip attribute mapping)

Step 4: Import Metadata to PageCrawl

1. Open the downloaded metadata XML file
2. In PageCrawl SSO settings, paste the content into Metadata XML field
3. Click Parse Metadata XML

Step 5: Turn On the App

1. In Google Admin, click on your PageCrawl app
2. Click User access
3. Select ON for everyone or specific organizational units
4. Click Save

---

Okta

Step 1: Add Application

1. Sign in to your Okta Admin Console
2. Go to Applications → Applications
3. Click Create App Integration
4. Select SAML 2.0 and click Next

Step 2: General Settings

1. Enter "PageCrawl" as the App name
2. (Optional) Upload a logo
3. Click Next

Step 3: Configure SAML

1. In the SAML Settings section, enter:
   • Single sign-on URL: Paste your Reply URL from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../acs)
   • Audience URI (SP Entity ID): Paste your Entity ID from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../metadata)
   • Name ID format: EmailAddress
   • Application username: Email
2. Leave other settings as default
3. Click Next

Step 4: Feedback

1. Select I'm an Okta customer adding an internal app
2. Click Finish

Step 5: Get Metadata URL

1. On the Sign On tab, scroll to SAML Signing Certificates
2. Click Actions next to the active certificate
3. Click View IdP metadata
4. Copy the URL from your browser's address bar
5. In PageCrawl SSO settings, paste this URL in the Metadata URL field
6. Click Parse Metadata from URL

Step 6: Assign Users

1. Go to the Assignments tab
2. Click Assign and select Assign to People or Assign to Groups
3. Assign users who should have access to PageCrawl
4. Click Done

---

OneLogin

Step 1: Add Application

1. Sign in to your OneLogin Admin Console
2. Go to Applications → Applications
3. Click Add App
4. Search for "SAML Test Connector (Advanced)" and select it

Step 2: Configure Application

1. Enter "PageCrawl" as the Display Name
2. Click Save

Step 3: Configure SAML Settings

1. Go to the Configuration tab
2. Enter the following:
   • Audience (Entity ID): Paste your Entity ID from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../metadata)
   • Recipient: Paste your Reply URL from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../acs)
   • ACS (Consumer) URL Validator: Use regex pattern https://pagecrawl\.io/sso/saml/[^/]+/acs
   • ACS (Consumer) URL: Paste your Reply URL from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../acs)
3. Click Save

Step 4: Get Metadata URL

1. Go to the More Actions menu
2. Select SAML Metadata
3. Copy the metadata URL
4. In PageCrawl SSO settings, paste this URL in the Metadata URL field
5. Click Parse Metadata from URL

Step 5: Assign Users

1. Go to the Users tab
2. Select users who should have access
3. Click Save

---

Custom SAML 2.0 Provider

If your identity provider isn't listed above but supports SAML 2.0, you can configure it manually:

Step 1: Configure Your Identity Provider

In your IdP, create a new SAML application with these settings:

• Entity ID: Paste your Entity ID from PageCrawl (you copied this in the first section above, e.g., https://pagecrawl.io/sso/saml/abc-123.../metadata)
• ACS URL: Paste your Reply URL from PageCrawl (e.g., https://pagecrawl.io/sso/saml/abc-123.../acs)
• NameID Format: Email Address
• Binding: HTTP-POST for ACS, HTTP-Redirect for SSO

Step 2: Get IdP Information

From your identity provider, collect:

• Entity ID (IdP Issuer)
• SSO URL (Sign-on URL)
• SLO URL (Sign-out URL) - Optional
• X.509 Certificate

Step 3: Manual Configuration in PageCrawl

1. In PageCrawl SSO settings, select the Manual Entry tab
2. Enter the collected information:
   • Entity ID
   • SSO URL
   • SLO URL (optional)
   • X.509 Certificate (paste the full certificate including BEGIN/END markers)
3. Enable SSO and configure JIT provisioning settings
4. Click Save Changes

---

Validation

After configuration, test your SSO:

1. Open an incognito/private browser window
2. Go to PageCrawl login page
3. Enter a test user's email address with your domain
4. Verify you're redirected to your IdP
5. Complete authentication
6. Verify you're logged into PageCrawl successfully

If you encounter issues, check:

• User is assigned to the PageCrawl application in your IdP
• Email domain matches your configured domain
• Metadata was imported correctly
• X.509 certificate is valid and not expired

---

Notes

• Metadata XML Format: PageCrawl does not support the EntitiesDescriptor element. Use EntityDescriptor format.
• Multiple IdPs: PageCrawl supports one identity provider per team.
• Certificate Rotation: When your IdP certificate expires, update the metadata in PageCrawl SSO settings.

Support

For assistance with your specific identity provider, contact support@pagecrawl.io.