Date: 2024-12-16
This guide expands upon our general SAML setup guide to configure and enable SSO authentication in your Sanity instance using the SAML protocol and PingIdentity (Cloud) as an identity provider (IdP).
During the setup and configuration process, it's a good idea to keep two windows side by side:
Go to Sanity Manage and select the organization you want to enable SSO for.
To navigate to the service provider configuration inside Sanity Manage:
You will need to configure the attributes sent to Sanity from Ping Identity. Several are required, including email, firstName, and lastName. These can be found within the SSO settings from the Getting Ready step.
Attributes are case sensitive and, if not entered correctly, may surface as a 422 error.
Enterprise customers can map user identity provider roles to service provider roles. For example, users with a Ping Identity example-admin-user-role role are mapped to the Sanity viewer role when they log in.
Now that you have set up everything in Ping, you can upload your certificate and update the configuration on the Sanity side.
Ensure you save all changes inside Sanity Manage and Ping Identity.
{"statusCode":422,"error":"Unprocessable Entity","message":"child \"attributes\" fails because [\"value\" must contain at least one of ...
{ "id": "3431pXO", "displayName": "Sanity Support", "email": "sanity@sanity.io", "familyName": "Sanity Support", "givenName": "Sanity", "middleName": null, "imageUrl": null, "provider": "saml-f6a94", "tosAcceptedAt": "2024-11-20T18:51:57.264Z", "createdAt": "2024-11-20T18:51:57.264Z", "updatedAt": "2024-11-20T18:51:57.535Z", "isCurrentUser": true, "providerId": "49jc94jf949930304jkojfciojlj934003490943" }
