Please confirm that your IdP setup will integrate with Freshpaint using the SAML protocol.

We will need the Entity ID (also known as Issuer), SSO URL, and X.509 Certificate from your IdP in order to complete the SSO setup on our end. Here are the instructions for how to set up your IdP to get this information:

• create a new app in your IdP and give it a name (e.g. “Freshpaint”)

• for the SSO URL, paste https://auth.freshpaint.io/__/auth/handler

• for Audience URI, paste freshpaint.io

• set Name ID format and Application User Name to “Email”

• add an attribute statement with name “email” and value “user.email”

• please provide us with the IdP SSO URL, IDP Issuer, and X.509 Certificate

Once we have those items, we’ll continue the setup on our end and let you know when the SAML connection is ready to be tested. The login URL will be https://app.freshpaint.io/login/sso/[tbd]

Note: after a user is assigned to the app within your IdP and invited from within Freshpaint, the user will need to log in directly to Freshpaint via your IdP, then accept the email invite while they’re still logged in. If the user attempts to accept the invite without logging in first, they’ll get redirected to the generic login page (i.e. without the option to log in via your IdP).