# Set Up Your Identity Provider for SAML SSO

Source: PageCrawl.io Help Center
URL: https://pagecrawl.io/help/account-settings/article/set-up-identity-provider-for-saml-sso

---

This guide covers the identity provider (IdP) side of SSO setup with step-by-step instructions for Azure AD, Google Workspace, Okta, OneLogin, and custom SAML providers. For PageCrawl-side settings (enabling SSO, enforcement, JIT provisioning), see the [SSO Configuration Guide](/help/account-settings/article/saml-sso-configuration.md).

Before you begin, ensure you have:
- Access to your identity provider's admin console
- PageCrawl Enterprise or Ultimate plan with SSO enabled
- Team owner's verified corporate email address

## Get Your Service Provider Information

**IMPORTANT: Complete this step first before configuring your Identity Provider**

1. Navigate to **Settings → Team → Auth & SSO** in PageCrawl
2. Copy the **Metadata URL** shown in the blue Service Provider information box

  [Image: Auth and SSO settings in PageCrawl with the SAML 2.0 Single Sign-On section]

   - It will look like: `https://pagecrawl.io/sso/saml/abc-123-def-456/metadata`
   - **Important:** Copy the actual URL from PageCrawl, not this example

3. Keep this URL handy - most Identity Providers can automatically import all configuration from this metadata URL

**Note:** If your IdP doesn't support metadata import, copy the individual URLs from PageCrawl (they will also be shown in the same box):
- Reply URL (Assertion Consumer Service URL)
- Sign on URL
- Logout URL

**Additional information for reference:**
- **NameID Format**: Email Address (`urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`)
- **Binding**: HTTP-POST for ACS, HTTP-Redirect for Single Sign-On

---

  [Image: Microsoft Entra ID logo]

### Step 1: Create Enterprise Application

1. Sign in to the [Azure Portal](https://portal.azure.com)
2. Navigate to **Azure Active Directory → Enterprise Applications**
3. Click **New application**
4. Click **Create your own application**
5. Name it "PageCrawl" and select **Integrate any other application you don't find in the gallery (Non-gallery)**
6. Click **Create**

### Step 2: Configure SAML

1. In your PageCrawl application, click **Single sign-on** in the left menu
2. Select **SAML** as the single sign-on method
3. In section **1. Basic SAML Configuration**, click **Edit** and enter:
   - **Identifier (Entity ID)**: Paste your Entity ID from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../metadata`)
   - **Reply URL (ACS URL)**: Paste your Reply URL from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../acs`)
4. Click **Save**

### Step 3: Configure Attributes & Claims

The default Name ID (user.mail) is sufficient. No additional changes needed.

### Step 4: Download Metadata

1. In section **3. SAML Signing Certificate**, copy the **App Federation Metadata Url**
2. In PageCrawl SSO settings, paste this URL in the **Metadata URL** field
3. Click **Parse Metadata from URL**

### Step 5: Assign Users

1. Navigate to **Users and groups**
2. Click **Add user/group**
3. Select users or groups who should have access to PageCrawl
4. Click **Assign**

---

  [Image: Google Workspace logo]

### Step 1: Create Custom SAML Application

1. Sign in to your [Google Admin Console](https://admin.google.com)
2. Go to **Apps → Web and mobile apps**
3. Click **Add app → Add custom SAML app**
4. Enter "PageCrawl" as the app name
5. Click **Continue**

### Step 2: Download Google IdP Metadata

1. On the **Google Identity Provider details** page, click **Download Metadata**
2. Save the XML file
3. Click **Continue**

### Step 3: Configure Service Provider Details

1. Enter the following values:
   - **ACS URL**: Paste your Reply URL from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../acs`)
   - **Entity ID**: Paste your Entity ID from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../metadata`)
   - **Start URL**: Leave empty
   - **Name ID format**: EMAIL
   - **Name ID**: Basic Information > Primary email
   - **Signed response**: Leave unchecked (PageCrawl requires signed assertions, which is the industry standard default)
2. Click **Continue**
3. Click **Finish** (skip attribute mapping)

### Step 4: Import Metadata to PageCrawl

1. Open the downloaded metadata XML file
2. In PageCrawl SSO settings, paste the content into **Metadata XML** field
3. Click **Parse Metadata XML**

### Step 5: Turn On the App

1. In Google Admin, click on your PageCrawl app
2. Click **User access**
3. Select **ON for everyone** or specific organizational units
4. Click **Save**

---

  [Image: Okta logo]

### Step 1: Add Application

1. Sign in to your [Okta Admin Console](https://admin.okta.com)
2. Go to **Applications → Applications**
3. Click **Create App Integration**
4. Select **SAML 2.0** and click **Next**

### Step 2: General Settings

1. Enter "PageCrawl" as the **App name**
2. (Optional) Upload a logo
3. Click **Next**

### Step 3: Configure SAML

1. In the **SAML Settings** section, enter:
   - **Single sign-on URL**: Paste your Reply URL from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../acs`)
   - **Audience URI (SP Entity ID)**: Paste your Entity ID from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../metadata`)
   - **Name ID format**: EmailAddress
   - **Application username**: Email
2. Leave other settings as default
3. Click **Next**

### Step 4: Feedback

1. Select **I'm an Okta customer adding an internal app**
2. Click **Finish**

### Step 5: Get Metadata URL

1. On the **Sign On** tab, scroll to **SAML Signing Certificates**
2. Click **Actions** next to the active certificate
3. Click **View IdP metadata**
4. Copy the URL from your browser's address bar
5. In PageCrawl SSO settings, paste this URL in the **Metadata URL** field
6. Click **Parse Metadata from URL**

### Step 6: Assign Users

1. Go to the **Assignments** tab
2. Click **Assign** and select **Assign to People** or **Assign to Groups**
3. Assign users who should have access to PageCrawl
4. Click **Done**

---

  [Image: OneLogin logo]

### Step 1: Add Application

1. Sign in to your [OneLogin Admin Console](https://app.onelogin.com/admin)
2. Go to **Applications → Applications**
3. Click **Add App**
4. Search for "SAML Test Connector (Advanced)" and select it

### Step 2: Configure Application

1. Enter "PageCrawl" as the **Display Name**
2. Click **Save**

### Step 3: Configure SAML Settings

1. Go to the **Configuration** tab
2. Enter the following:
   - **Audience (Entity ID)**: Paste your Entity ID from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../metadata`)
   - **Recipient**: Paste your Reply URL from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../acs`)
   - **ACS (Consumer) URL Validator**: Use regex pattern `https://pagecrawl\.io/sso/saml/[^/]+/acs`
   - **ACS (Consumer) URL**: Paste your Reply URL from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../acs`)
3. Click **Save**

### Step 4: Get Metadata URL

1. Go to the **More Actions** menu
2. Select **SAML Metadata**
3. Copy the metadata URL
4. In PageCrawl SSO settings, paste this URL in the **Metadata URL** field
5. Click **Parse Metadata from URL**

### Step 5: Assign Users

1. Go to the **Users** tab
2. Select users who should have access
3. Click **Save**

---

## Custom SAML 2.0 Provider

If your identity provider isn't listed above but supports SAML 2.0, you can configure it manually:

### Step 1: Configure Your Identity Provider

In your IdP, create a new SAML application with these settings:

- **Entity ID**: Paste your Entity ID from PageCrawl (you copied this in the first section above, e.g., `https://pagecrawl.io/sso/saml/abc-123.../metadata`)
- **ACS URL**: Paste your Reply URL from PageCrawl (e.g., `https://pagecrawl.io/sso/saml/abc-123.../acs`)
- **NameID Format**: Email Address
- **Binding**: HTTP-POST for ACS, HTTP-Redirect for SSO

### Step 2: Get IdP Information

From your identity provider, collect:
- **Entity ID** (IdP Issuer)
- **SSO URL** (Sign-on URL)
- **SLO URL** (Sign-out URL) - Optional
- **X.509 Certificate**

### Step 3: Manual Configuration in PageCrawl

1. In PageCrawl SSO settings, select the **Manual Entry** tab
2. Enter the collected information:
   - Entity ID
   - SSO URL
   - SLO URL (optional)
   - X.509 Certificate (paste the full certificate including BEGIN/END markers)
3. Enable SSO and configure JIT provisioning settings
4. Click **Save Changes**

---

## Validation

After configuration, test your SSO:

1. Open an incognito/private browser window
2. Go to PageCrawl login page
3. Enter a test user's email address with your domain
4. Verify you're redirected to your IdP
5. Complete authentication
6. Verify you're logged into PageCrawl successfully

If you encounter issues, check:
- User is assigned to the PageCrawl application in your IdP
- Email domain matches your configured domain
- Metadata was imported correctly
- X.509 certificate is valid and not expired

---

## Notes

- **Metadata XML Format**: PageCrawl does not support the `EntitiesDescriptor` element. Use `EntityDescriptor` format.
- **Multiple IdPs**: PageCrawl supports one identity provider per team.
- **Certificate Rotation**: When your IdP certificate expires, update the metadata in PageCrawl SSO settings.

## Support

For assistance with your specific identity provider, contact [support@pagecrawl.io](mailto:support@pagecrawl.io).

---

Need more? The complete PageCrawl.io help center, with every article, is available as a single document at https://pagecrawl.io/llms-full.txt. Read it for context on anything this page does not cover.