By following the steps outlined in this guide, you will be able to set up a SAML 2.0 application with your Identity Provider (IdP), ensuring a seamless and secure authentication process for your users. While this document includes general instructions for any IdP, it also provides a detailed example of configuring Okta.
Prerequisites
You will need the following details in order to set up SAML:
Forwrd to enable SAML authentication
FORWRD_CONNECTION_ID
AUDIENCE_URI
Reach out to your customer success manager at Forwrd.ai to receive this information.
General Instructions for Setting Up SAML 2.0
Step 1: Create a SAML 2.0 Application
Log in to your IdP Admin Console: Access the administrative interface of your Identity Provider (e.g., Okta, OneLogin, Azure AD).
Create a New Application: Look for an option to create a new application or integration.
Select SAML 2.0: Choose SAML 2.0 as the sign-in method.
Configure SAML Settings
Single Sign-On URL (ACS URL):
https://auth.forwrd.ai/login/callback?connection=<FORWRD_CONNECTION_ID>
Replace <FORWRD_CONNECTION_ID> with the connection ID provided by Forwrd.
Audience URI (SP Entity ID):
Set it to the AUDIENCE_URI provided by Forwrd.
Default RelayState:
Set it to the Forwrd application URL: app.forwrd.ai
Name ID Format:
Select EmailAddress.
Application Username:
Select Email.
Configure Attribute Statements
To pass additional user information, you should configure attribute statements:
Email:
Name: email
Value: The user’s email (e.g. user.email)
User Name:
Name: name
Value: The user’s first + last name (e.g. user.firstName + " " + user.lastName)
Step 2: Download IdP Metadata
Download the metadata file or note down the metadata URL provided by your IdP. This metadata contains necessary information such as the IdP Entity ID, Single Sign-On URL, and X.509 certificate.
Step 3: Provide Metadata to Forwrd AI
To complete the setup, provide the following information to your customer success manager at Forwrd.ai (or send the IdP metadata URL or file instead):
Single Sign-On URL
X.509 Certificate
Sign out URL
Step 4: Validate the Connection
Once Forwrd confirms that the setup is complete on the platform side and has been validated successfully, make sure to test signing in to the Forwrd.ai platform through the application.
Instructions for Setting Up Okta Application
Log in to Okta and create a New SAML 2.0 application:
Navigate to your Okta admin dashboard.
Go to Applications > Applications.
Click on Create App Integration.
Select SAML 2.0 and click Next.
General Settings:
Name:
Provide a name for your application (e.g., "Auth0 Integration").
Optionally, upload a logo and provide other settings.
To make the application accessible to authorized users, make sure “Do not display application icon to users” is not selected.
Click “Next”.
Configure SAML:
Single sign-on URL:
https://auth.forwrd.ai/login/callback?connection=<FORWRD_CONNECTION_ID>
Replace <FORWRD_CONNECTION_ID> with the connection ID provided by Forwrd.ai.
Audience URI (SP Entity ID):
Set it to the AUDIENCE_URI provided by Forwrd.ai.
Default RelayState:
Set it to the Forwrd AI application URL: app.forwrd.ai
Name ID format:
Select EmailAddress.
Application username:
Select Email.
Attribute Statements:
Name: email
Name format: Leave as Unspecified
Value: user.email
Name: name
Name format: Leave as Unspecified
Value: user.firstName + " " + user.lastName
Click “Next”
Finish and Save:
Select “I'm an Okta customer adding an internal app”
Select the relevant “App type” and details
Click “Finish”
Note down the Identity Provider metadata URL or download the metadata file and send it to Forwrd.
Or provide the specific details:
Single Sign-On URL
X.509 Certificate
Sign out URL
