Audience: Organizations

The short answer: Configure an identity provider (IDP) in Command Center to enable SAML-based single sign-on (SSO) for all users on your Proof domain.

Single Sign-On (SSO) lets users log in to multiple applications using a single set of credentials. With SSO, account and credential management is handled by your identity provider (IDP), not by Proof.

Setting up SSO is part of a multi-step process. Click a link below to review that step, or read the domain-based SSO overview, which explains what to expect once the process is complete.

  1. Verify your domain
  2. Set up single sign-on in your Proof account → You are here
  3. Set up SAML configurations with your identity provider for SSO
⚠️
Once SSO is configured by an owner or admin, all users in your organization are affected by the changes.

What You Need

Configuring SSO is bidirectional: the SP metadata must be configured in the IDP, and the IDP metadata must be configured in the SP. You need both of the following:

  • A Proof-verified domain (see Verify your domain for instructions)
  • A metadata file (.xml) from your identity provider

Metadata file options:

Option A (most common): Download a metadata file (.xml) from your Identity Provider (IDP). Common guides:

Option B: If you cannot download a metadata file from your IDP, you will need the following details manually:

  • Entity ID
  • X509 public certificate
  • Single sign-on (SSO) URL
  • SSO request binding
  • [Optional] Single log-out (SLO) URL and request binding

Set Up SSO

New to Command Center? Here's how to access it.

  1. Click Security from the left menu.
  2. Select Identity providers.
  3. Click Configure new identity provider in the upper right corner.
  4. Type an internal name for your configuration.
    • This can be any name you choose — many admins align it with the name of their IDP.
  5. Select a method for providing your metadata.
    • XML file: Drag and drop or click to upload the metadata file (.xml) from your IDP.
    • Manual entry: Provide the required fields from your IDP, including: Entity ID, X509 public certificate, SSO URL, SSO request binding, and optionally Single Log-Out (SLO) details.
  6. Click Process.
  7. Review the configuration in detail:
    • Confirm at least one certificate is visible and in the Active state.
    • If you or your metadata provided an SLO URL, SLO will be enabled — when a user logs out of their identity provider, they will also be logged out of Proof.
    • You can delete and replace the metadata file or edit configuration details if anything needs to be changed.
  8. Click Save.
    • Your SAML configuration is not yet active — no users will be impacted at this stage.
  9. Proceed to the next section to activate.

Activate Your SAML Configuration

To activate this SAML configuration, connect it to a verified domain.

  1. Select Details and Policies for the domain you'd like to update.
    Details and Policies option for a domain in Command Center
  2. Click Edit.
  3. Select the configuration you created from the dropdown.
    • Review the configuration details, including JIT provisioning, routing logic for new users, and whether users will retain password access.
  4. Click Save.

Once saved, the SSO configuration will be live and applied to all users on the Proof platform with your domain.

SAML IDP configuration panel showing domain-based SSO settings in Command Center


Summary Checklist

  • Verify your domain in Command Center (Verify your domain).
  • Obtain a metadata file (.xml) from your identity provider, or gather Entity ID, X509 certificate, and SSO URL.
  • In Command Center, go to Security → Identity providers and click Configure new identity provider.
  • Upload your metadata file or enter your IDP details manually, then click Process.
  • Review the certificate status and click Save.
  • Under Details and Policies for your domain, select the new configuration and save to activate SSO.

Still Unsure?

Our support team is happy to help. Submit a support request or chat with us from any page in the app.


Updated

Was this article helpful?

0 out of 0 found this helpful