Implement SSO authentication with SAML v2

Single Sign-On (SSO) allows users to log in to PandaSuite using their corporate identity, without needing to create an additional account. PandaSuite supports the SAML v2 protocol, used by many identity providers (IdPs) such as Azure AD, Google Workspace, Okta, and Auth0.

Where to enable SSO?

  • On the editor side → For users accessing PandaSuite Studio.
  • On the web app side → For applications created with PandaSuite (Web App / PWA).

What is SSO via SAML v2?

Single Sign-On (SSO) is an authentication method that allows users to securely log in to multiple applications with a single credential.

Why use SSO?

  • Enhanced security: fewer passwords to manage, reducing the risk of phishing.
  • Seamless experience: smooth login without repeated authentication.
  • Centralized management: access controlled by the IT administrator via an IdP.

The SAML v2 protocol

SAML (Security Assertion Markup Language) is an XML standard that allows a service provider (SP), like PandaSuite, to delegate authentication to an identity provider (IdP).

How does SSO work?

SSO is based on a secure exchange of authentication tokens between PandaSuite and your identity provider (IdP).

  1. The user attempts to access PandaSuite or a web app.
  2. PandaSuite sends an authentication request to the IdP with a token containing the user’s email.
  3. The IdP checks if the user is already logged in:
    • ✅ If yes, access is granted immediately.
    • 🔄 Otherwise, they are redirected to their company’s login page.
  4. The user authenticates with their IdP (e.g., Microsoft 365, Google, or Okta credentials).
  5. The IdP validates the identity and sends a SAML token to PandaSuite.
  6. PandaSuite validates the token and grants access to the user.

💡 Everything happens in the background, without the user having to enter a password on PandaSuite!

Setting up SSO for a web app

⚠️ Currently, SSO authentication with SAML v2 is only compatible with web apps / PWA. For a native application, please contact our team.

  1. Retrieve PandaSuite information

    • Access your PandaSuite account
    • Go to the Apps section and select your web app
    • Go to the Security tab
    • Enable SSO

    PandaSuite automatically provides you with the following information:

    • Identifier (Entity ID): https://pandasuite.com/launcher/c/[APP_ID]
    • Assertion Consumer Service URL: https://pandasuite.com/secure/saml/[APP_ID]/consume

  2. Configure your identity provider (IdP)

    Use the information above to configure your PandaSuite application in your identity provider (Azure AD, Google Workspace, Okta, etc.).

  3. Finalize the configuration in PandaSuite

    • In the PandaSuite interface, import the SAML metadata XML file from your IdP or enter the metadata URL provided by your IdP
    • Validate the configuration and test the connection

Setting up SSO to access PandaSuite Studio

💡 Setup requires contacting the PandaSuite team.

  1. Request creation of your organization

    • Contact the PandaSuite team to request the creation of your SSO organization
    • The PandaSuite team will provide you with the necessary information:
      • Entity ID of your organization
      • Assertion Consumer Service URL
  2. Configure your identity provider (IdP)

    Use the information provided by the PandaSuite team to configure PandaSuite Studio in your identity provider (Azure AD, Google Workspace, Okta, etc.).

  3. Send IdP metadata

    Send the PandaSuite team the XML metadata file from your identity provider or a metadata URL. This file automatically contains all the necessary technical information (EntityID, endpoints, certificates, etc.).

  4. Finalization

    Once the configuration is completed by the PandaSuite team, your users will be able to access PandaSuite Studio via SSO.