Configuring SAML-Based SSO in Datarails

Datarails supports Single Sign-On (SSO) using the SAML 2.0 protocol, enabling organizations to authenticate their users via enterprise-grade identity providers. This guide provides a feature overview and configuration steps to help organizations set up and manage SAML-based SSO within the Datarails platform.

The expansion of SAML support allows for integration with providers such as DUO, Google Workspace, JumpCloud, and more — driven in part by strategic enterprise requirements like those from Cisco.

How It Works

When a user selects “Other” on the Datarails login screen, they are prompted to enter their organization’s domain name. This domain determines which SAML identity provider the user is redirected to for authentication. After a successful login, the user is returned to Datarails.

• On first login, the domain must be manually entered.
• On subsequent logins, the domain is saved and shown as a shortcut to improve speed and usability.

If an invalid domain is entered, the user is notified via a clear error message.

User Login Flow

First Time Login

  1. Navigate to https://app.datarails.com
  2. Click “Other” under the “Sign in with” options.
  3. Enter your organization's domain name and click “Continue”.
  4. You are redirected to your organization’s SAML login screen.
  5. Enter your organizational credentials and log in.

Returning Users

The previously used domain is remembered and displayed directly. Click “Continue” to proceed with SSO.

Error Handling

If the domain is not recognized, the following message appears:
“We couldn’t find an organization linked to that domain. Please check for typos or contact your administrator”.

Organization Configuration

Admins configure SAML for their organization via the Datarails UI.

Admins must input:

  • Name or type (e.g., “DUO”, “Google Workspace”)
  • IDP Issuer (entity ID)

The system displays:

  • IDP metadata URL (read only)
  • Datarails ID (read only)
  • Datarails ID URL (read only)

Note: The “Certificate” field has been removed from this configuration flow.

Security & Flexibility

  • Login flow is dynamically routed based on domain — no provider-specific hardcoding required.
  • Icons are only shown for commonly used providers (e.g., Microsoft, Google, Apple).
  • Scalable approach enables support for additional providers without UI updates.

FAQs

Q: How many SAML providers can be configured per org?
A: Only one active SAML configuration is supported per organization.

Q: What happens if my provider isn’t listed explicitly in the UI?
A: As long as it complies with SAML 2.0, it is supported.

Q: Do I need to upload certificates?
A: No — the updated modal removes certificate fields. Basic entity information is sufficient.




© Datarails Ltd. All rights reserved.
