SAML 2.0 Authentication
This guide explains how to configure Single Sign-On (SSO) using the SAML 2.0 protocol between your organization’s Identity Provider (IdP) and Salespeak.
⚠️ Important
SAML requires exchanging configuration values between both sides.
Please contact our Support team to obtain the required SP values before starting.
Overview
Protocol: SAML 2.0
Identity Provider (IdP): Your organization’s identity system
Service Provider (SP): Salespeak
Authentication flow:
User attempts to sign in to the application
User is redirected to your IdP
User authenticates using corporate credentials
IdP sends a signed SAML response to the application
User is logged in
What You’ll Need Before You Start
From our Support team, request the following:
SP Entity ID (Audience URI) (urn:amazon:cognito:sp:us-west-2_IRkIiRXZg )
Assertion Consumer Service (ACS) / Reply URL (https://salespeak.auth.us-west-2.amazoncognito.com/saml2/idpresponse)
Supported NameID format
Required user attributes (claims)
From your side, you will provide:
IdP Federation Metadata XML
(or IdP issuer, SSO URL, and signing certificate)
Step 1: Create a New SAML Application in Your IdP
Sign in to your Identity Provider’s admin console
Create a new application / integration
-
Choose:
SAML 2.0 as the authentication method
Non-gallery / custom application (if applicable)
Give the application a recognizable name (e.g.
CompanyName – SSO)
Step 2: Configure Basic SAML Settings
In the SAML configuration screen, enter the values provided by Support:
| Field | Value |
|---|---|
| Entity ID (Audience) | urn:amazon:cognito:sp:us-west-2_IRkIiRXZg |
| ACS / Reply URL | https://salespeak.auth.us-west-2.amazoncognito.com/saml2/idpresponse |
| Sign-on URL | Optional |
| Logout URL | Optional |
⚠️ These values must match exactly (including protocol and trailing slashes).
Save the configuration.
Step 3: Configure User Attributes & Claims
The application requires a unique identifier for each user.
user.mail
- user.displayname
Exact attribute requirements may vary.
Refer to instructions from Support if specific claim names are required.
Step 4: Assign Users or Groups
Most IdPs require explicitly assigning users before access is allowed.
Navigate to Users / Groups assignment
-
Assign:
Individual users, or
One or more groups
Only assigned users will be able to sign in using SSO.
Step 5: Download and Share IdP Metadata
Download the Federation Metadata XML from your IdP
Send the metadata file to our Support team
This metadata contains:
IdP issuer
SSO endpoint
Signing certificate
Step 6: Application Configuration (Handled by Support)
Once metadata is received, our team will:
Configure your IdP in the application
Set up attribute mappings
Enable SSO for your organization
Notify you when setup is complete
Step 7: Test SSO Login
After confirmation from Support:
Navigate to the application login page
Enter your corporate email (if applicable)
You should be redirected to your IdP
After authentication, you should be logged in successfully
Common Issues & Troubleshooting
| Issue | Likely Cause |
|---|---|
| Login fails immediately | User not assigned to the SAML app |
| “Invalid audience” error | Entity ID mismatch |
| “Reply URL mismatch” | Incorrect ACS URL |
| User missing email | Email claim not mapped |
| Authentication succeeds but login fails | Unsupported NameID format |
If issues persist, contact Support with:
Error message (if shown)
Timestamp of the login attempt
Test user email address
Support
For SAML SSO setup assistance or to request configuration values, contact:
📧 Support Email: support@salespeak.ai
📝 Subject: SAML SSO Setup Request