What adding SAML SSO involves
Adding Security Assertion Markup Language (SAML) Single Sign-On (SSO) means connecting each customer's identity provider (IdP) to your app, the service provider (SP), usually by exchanging metadata. The IdP authenticates the user and sends your app a signed assertion. The Bridge stores these as per-tenant connections you add from the dashboard.
In SAML, your app is the service provider (SP) and the customer runs the identity provider (IdP), such as Okta or Microsoft Entra ID. You connect the two by exchanging metadata, often just a metadata URL, which carries the endpoints and signing certificate each side needs.
Once connected, the IdP authenticates the user and sends your app a signed assertion describing who they are. Your app validates the signature and opens a session. Crucially this is per customer: each enterprise brings its own IdP, so you manage a connection per tenant.
For how this fits with sessions and roles, see the SaaS authentication guide. With The Bridge, each SAML connection is added in the Control Center per tenant, with signed requests on by default, so it is configuration rather than per-customer code.
