Salto

Salto SAML integration is available for enterprise customers (see info about plans here: <a href="https://www.salto.io/pricing" target="_blank" rel="nofollow noopener noreferrer">https://www.salto.io/pricing</a>)

Contact <a href="mailto:Support@salto.io" target="_blank" rel="nofollow noopener noreferrer">support@salto.io</a> in order to initialize the process.

1. Salto SAML integration is available for enterprise customers (see info about plans here: <a href="https://www.salto.io/pricing" target="_blank" rel="nofollow noopener noreferrer">https://www.salto.io/pricing</a>)
2. Contact <a href="mailto:Support@salto.io" target="_blank" rel="nofollow noopener noreferrer">support@salto.io</a> in order to initialize the process.

___________________________________________________________

Sign into Entra (Azure AD) admin dashboard (entra.microsoft.com)

Open Applications → Enterprise applications

Give the app a name and select Integrate any other application you don’t find in the gallery (Non-gallery) and then click the Create button

You should see a screen similar to this, where you can upload Salto logo from <a href="" target="_blank" rel="nofollow noopener noreferrer">here</a>

Go to Manage → Users and groups and assign relevant users to be able to use this application

Open Manage → Single sign-on and select SAML

1. Identifier should be: <code>urn:auth0:salto:REPLACE_ME</code>
2. Reply URL (Assertion Consumer Service URL) should be: <code>https://auth.salto.io/login/callback?connection=REPLACE_ME</code>
 1. <code>REPLACE_ME</code> should be replaced with the connection name you got from Salto, or you can use your domain name with hyphens instead of dots, e.g.: <code>acme.com → acme-com acme.co.uk → acme-co-uk</code>

Set up the claims required for Salto SAML integration

1. <code>user.mail → email</code>
2. <code>user.surname → family_name</code>
3. <code>user.givenname → given_name</code>
4. The namespaces can be removed
 It is recommended to verify that the Users that are going to use Salto have valid values for these 3 fields

1. Download Certificate Base64

2. Login and Logout URLs

Salto support team will processes your request and notify you when it is ready

Your SAML configuration for Salto is complete. You can start assigning users and groups to the application.

For IDP-initiated SSO, after clicking Salto app in Entra ID "Apps Dashboard", you will be redirected to <a href="" target="_blank" rel="nofollow noopener noreferrer">https://app.salto.io/</a>

For SP-initiated SSO, navigate to <a href="" target="_blank" rel="nofollow noopener noreferrer">https://app.salto.io/login</a>, and enter the your email address:

1. Sign into Entra (Azure AD) admin dashboard (entra.microsoft.com)
2. Open Applications → Enterprise applications

3. Click on + New application

4. Give the app a name and select Integrate any other application you don’t find in the gallery (Non-gallery) and then click the Create button

5. Open Manage → Properties menu

6. You should see a screen similar to this, where you can upload Salto logo from <a href="" target="_blank" rel="nofollow noopener noreferrer">here</a> 

7. Go to Manage → Users and groups and assign relevant users to be able to use this application

8. Open Manage → Single sign-on and select SAML

9. Edit Step 1
 1. Identifier should be: <code>urn:auth0:salto:REPLACE_ME</code>
 2. Reply URL (Assertion Consumer Service URL) should be: <code>https://auth.salto.io/login/callback?connection=REPLACE_ME</code>
 1. <code>REPLACE_ME</code> should be replaced with the connection name you got from Salto, or you can use your domain name with hyphens instead of dots, e.g.: <code>acme.com → acme-com acme.co.uk → acme-co-uk</code>
10. Edit Step 2

11. Set up the claims required for Salto SAML integration
 
 1. <code>user.mail → email</code>
 2. <code>user.surname → family_name</code>
 3. <code>user.givenname → given_name</code>
 4. The namespaces can be removed
 It is recommended to verify that the Users that are going to use Salto have valid values for these 3 fields
12. Send back to Salto support: 
 1. Download Certificate Base64
 
 2. Login and Logout URLs

13. Salto support team will processes your request and notify you when it is ready
14. Your SAML configuration for Salto is complete. You can start assigning users and groups to the application.
15. For IDP-initiated SSO, after clicking Salto app in Entra ID "Apps Dashboard", you will be redirected to <a href="" target="_blank" rel="nofollow noopener noreferrer">https://app.salto.io/</a>

16. For SP-initiated SSO, navigate to <a href="" target="_blank" rel="nofollow noopener noreferrer">https://app.salto.io/login</a>, and enter the your email address:

If you encounter any issue during the process, or a generic access denied message after authenticating through Microsoft Entra ID, consult with Salto support team (<a href="mailto:support@salto.io" target="_blank" rel="nofollow noopener noreferrer">support@salto.io</a>).

Please note, the Org Admin user in Salto must invite other users to the org, otherwise when new users log in via SSO they will not be able to access the Salto application.

See this article about inviting members for more information:

<a href="" target="_blank" rel="nofollow noopener noreferrer">https://help.salto.io/en/articles/6845032-inviting-members</a>

Customers who use Microsoft Entra ID as their IdP can securely connect to Salto through SAML

Prerequisites

Supported features

Troubleshooting