SSO / SAML Setup

Configure SAML single sign-on for your organization

WAF360 supports SAML 2.0 single sign-on (SSO), allowing your team to authenticate through your organization's identity provider (IdP) such as Okta, Azure AD, or Google Workspace.

Prerequisites

  • A WAF360 organization with Master access
  • A SAML 2.0 compatible identity provider
  • IdP metadata (Entity ID, SSO URL, Logout URL, X509 Certificate)

Accessing SAML Settings

  1. Navigate to your organization in the sidebar
  2. Click SSO in the navigation
  3. Click on SAML to open the configuration page

The connection status shows Active (green) if SAML is configured, or Inactive (gray) if not.

Configuration Fields

Enable SAML

Toggle to activate or deactivate SAML authentication for your organization.

Disable Password Login

When enabled, users in your organization can only log in through SAML SSO. Standard email/password login is disabled.

Use caution when enabling this option. Ensure your SAML configuration is working correctly before disabling password login.

Your Domain

Enter your organization's email domain (e.g., example.com). This is used to route users to the correct SSO login.

Identity Provider (IdP) Configuration

FieldDescription
Entity ID of IDPThe unique identifier for your identity provider
Login URL of IDPThe SSO login endpoint URL
Logout URL of IDPThe SSO logout endpoint URL
X509 Certificate of IDPThe public certificate from your IdP for signature verification

User Access Control

Optionally restrict which users can access WAF360 through SAML:

  • Leave empty to allow all users from your IdP
  • Add email addresses to restrict access to specific users only

Use the add/remove buttons to manage the allowed user list.

Setup Steps

  1. Configure your IdP — In your identity provider (Okta, Azure AD, etc.), create a new SAML application for WAF360
  2. Collect IdP metadata — Note your Entity ID, Login URL, Logout URL, and download the X509 certificate
  3. Enter configuration — Fill in all required fields in the WAF360 SAML settings
  4. Set your domain — Enter the email domain used by your organization
  5. Enable SAML — Toggle the enable switch
  6. Test login — Open a new browser window and test SSO login before disabling password login
  7. (Optional) Disable password login — Once confirmed working, optionally disable password-based login

SSO Login

Once SAML is configured, users can log in via SSO:

  1. On the WAF360 login page, click the SSO login option
  2. Enter the organization's domain
  3. The user is redirected to the IdP for authentication
  4. After successful authentication, the user is redirected back to WAF360

Troubleshooting

  • Cannot log in via SSO — Verify the IdP Login URL and Entity ID are correct
  • Certificate errors — Ensure the X509 certificate is complete and properly formatted
  • Locked out after disabling password login — Contact [email protected] for assistance