SAML
Configure SAML 2.0 single sign-on for your Recomly organization.
SAML 2.0 (Security Assertion Markup Language) lets your team sign in to Recomly using your existing identity provider (IdP) — such as Okta, Azure AD, or Google Workspace — without managing separate Recomly passwords.
Prerequisites
- A Recomly plan that includes SSO
- Admin access to your identity provider
- Admin access to your Recomly organization
Overview
Recomly acts as the Service Provider (SP). Your identity provider initiates or responds to authentication requests and sends a signed SAML assertion back to Recomly confirming the user's identity.
Step 1 — Get your SP metadata from Recomly
- Go to Account → Single Sign-On in the Recomly dashboard.
- Click Add provider and select SAML.
- Copy the ACS URL and Entity ID — you will need these when configuring your IdP.
| Field | Value |
|---|---|
| ACS URL | https://auth.recomly.com/saml/callback |
| Entity ID | https://recomly.com |
| Name ID format | Email address |
Step 2 — Create an application in your identity provider
In your IdP, create a new SAML application and enter the SP values from Step 1. The required attribute mapping is:
| SAML attribute | Maps to |
|---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | User's email address (required) |
The email claim URI above is the WS-Federation standard format required by Recomly.
Step 3 — Enter your IdP metadata in Recomly
Once your IdP application is created, it will provide either a metadata XML URL or individual values:
- IdP SSO URL — the URL Recomly redirects users to for authentication
- IdP Entity ID — your IdP's unique identifier
- X.509 certificate — the public certificate used to verify SAML assertions
Enter these in the Recomly SSO configuration form and click Save.
Step 4 — Test the connection
After saving, test sign-in with an account from your IdP to verify the connection is working before rolling it out to your team.