---
title: "Configure SSO"
slug: "configure-sso"
description: "This article provides directions for configuring Single Sign-On (SSO) with Fullcast using a SAML v2 Identity Provider (IdP), outlining the supported features, required settings for both Fullcast and IdP, and the necessary steps to complete the SSO setup. "
updated: 2025-09-23T16:14:31Z
published: 2025-09-23T16:14:31Z
canonical: "support.fullcast.com/configure-sso"
---

# Configure SSO

Configure Single Sign-On (SSO) with Fullcast using a SAML 2.0 Identity Provider (IdP).

> [!NOTE]
> **Note**
> 
> IdP-initiated Single Sign-on is not supported.

### Supported features

- **Service provider (SP)-initiated only:** You must first log in to Fullcast to begin the SSO login process. The SSO app panel can use a bookmark app to allow login from the app directory.
- [**Just-in-Time (JIT) provisioning:**](/v1/docs/configure-just-in-time-jit-provisioning) Fullcast supports automatic user provisioning upon initial login through SSO.
- **User access management:** User access within Fullcast is managed through the Fullcast user management settings panel.
- [**System for Cross-domain Identity Management (SCIM) provisioning:**](/v1/docs/configure-scim) Automates the exchange of user identity information between Fullcast and your IdP.

### Before you begin

- **Log in to your IdP:** You must be logged in so you can update the settings for SSO with Fullcast.

> [!WARNING]
> Tip
> 
> Log in to your IdP in a separate tab or window so you can complete the configuration with Fullcast simultaneously.
- **Copy your domain URL:** Your domain URL is required to configure SSO in Fullcast.

### Configure SSO

1. Access your Fullcast instance.
2. Go to **Settings > Users > Settings**.
3. Under **Authentication System**, select **Single Sign-On**.
4. In the field, paste your domain URL.
5. Click **Configure SSO**.

![Field highlighted where you type your domain url.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image-1746732455498.png)

6. In the **Configure Single Sign-On** window, click **Get Started**.
7. Select **Custom SAML** then click **Next**.

![Custom SAML and Next buttons highlighted in the Configure Single Sign-On window.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(157).png)

### Create an application

1. On the **Create an Application** step, copy the **Single Sign-On URL** and paste it into the corresponding field in your IdP.

> [!NOTE]
> Note
> 
> The **Single Sign-On URL** specifies where the security token is sent after you are authenticated by your IdP and is automatically populated with your Fullcast tenant ID. Depending on your IdP, the corresponding field may be labeled differently, such as Assertion Consumer Service URL or Callback URL. Refer to your IdP’s support documentation for additional information.

2. Copy the **Service Provider Entity ID** and paste it into the corresponding field in your IdP.

![Single Sign-On URL and Service Provider Entity ID highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(159).png)

3. Click **Next**.

### Configure your connection

You can choose to configure your connection automatically in Fullcast or manually.

From the **Configure Connection** step, select one of the following tabs and complete the steps:

**Automatic**

This configuration is recommended as it uses the metadata URL to automatically update your signing certificate from your IdP any time it renews.

1. From your IdP, find and copy the metadata URL.
2. In the **Automatic** tab in Fullcast, paste the metadata URL in the corresponding field.

![Metadata URL field highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(161).png)

**Manual**

If you manually configure your connection, you will have to ensure the signing certificate is manually uploaded each time it renews to maintain the SSO connection.

1. From your IdP, copy your Single Sign-On Login URL.
2. Find and download the signing certificate.
3. In the **Manual** tab in Fullcast, paste the **Single Sign-On Login URL** in the corresponding field.
4. Click **Upload Signing Certificate** and upload the certificate from your device.

![Single Sign-On Login URL field and Upload Signing Certificate button highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(162).png)

#### Configure Advanced Settings

The **Advanced Settings** are optional, but recommended. The SAMLP and **Sign Request** option automatically signs the SAML authentication request.

> [!NOTE]
> Note
> 
> You are not required to select **Sign Request**; the SSO connection will still work if this is not enabled.

1. Expand the **Advanced Settings**.
2. Select **Sign Request**.
3. Keep the default selections in the **Sign Request Algorithm**, **Sign Request Algorithm Digest**, and **Request Protocol Binding** dropdowns.
4. Click **certificate** to download the certificate from Fullcast.

![Options and fields highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(164).png)

5. In your IdP, enable SAMLP and upload the certificate.
6. Click **Create Connection**.
7. In the confirmation window, click **Proceed**.

### Test SSO connection

1. From the **Test SSO** step, click **Test Connection**.

> [!NOTE]
> Note
> 
> If the connection is successful, **Test Successful** will display.

2. Check the JSON displayed to ensure the correct user attributes are being passed.

![JSON highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(166).png)

3. Click **Enable Connection**.
4. In the **Proceed to enable the connection** confirmation window, click **Proceed**.

### Configure IdP settings

Check the following configurations in your IdP which are required for SSO with Fullcast. Refer to your IdP’s user documentation for support, as needed.

> [!NOTE]
> Note
> 
> If the SSO configuration is not correct, the connection will not work. Fullcast does not display errors when this happens, and you will need to manually check that your configuration is correct and then try again.

| Setting | Required value |
| --- | --- |
| Single sign-on URL | The URL copied from Fullcast and added to your IdP settings. |
| Entity ID | `urn:auth0:fcio:<tenantid>`, copied from Fullcast; `<tenantid>` is automatically populated with your Fullcast tenant ID. |
| NameID format | Use one of the following: `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` or `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` |
| NameID value | The user's email address. |
| SAML Request Binding (Protocol Binding) value | Sent to the IdP from Fullcast. If possible, dynamically set the value based on `connection.options.protocolBinding`. **Note:** If dynamically setting the value isn't possible, set it to either `HTTP-Redirect` (default) or `HTTP-POST` if you selected this option in Protocol Binding. |
| HTTP-Redirect | `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` |
| HTTP-POST | `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST` |
| SAML Response Binding | How the SAML token is received by Fullcast from the IdP. Set as HTTP-POST. |
| SAML Assertion and Response | The SAML assertion and the SAML response can be signed individually or simultaneously. |
| Logout URL | This is the URL where the IdP sends logout requests and responses: `https://auth.fullcast.io/logout`. The IdP must sign all logout requests. |
| Signed Assertions | Proceed depending on your [configuration selection](/v1/docs/configure-sso#configure-your-connection). **Automatic:** the certificate will automatically update in Fullcast. **Manually:** download the certificate in either CER or PEM format and upload it to Fullcast. |
| Logo image | Download this image to use in your SSO environment for the Fullcast application. ![](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/eacbf989-3f0d-4ad4-ac34-3bf279ea7b54.png) |
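
Because a misconfigured connection fails without an error, it helps to check the IdP's output against the table above yourself. The following is an added example, not Fullcast code: it inspects a decoded SAML response captured from a test login and reports mismatches in NameID format, NameID value, audience and signing. The tenant `example-tenant`, the sample response and the function name are constructed, and it assumes your IdP emits the Entity ID as the assertion's `Audience`, as is standard for SAML 2.0.

```python
import re
import xml.etree.ElementTree as ET  # fine for a locally captured response; not a hardened parser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PREFIX = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
ALLOWED_FORMATS = {PREFIX + "unspecified", PREFIX + "emailAddress"}

def check_response(xml_text, expected_entity_id):
    """Return a list of mismatches against the required-values table."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    else:
        fmt = name_id.get("Format", "")
        if fmt not in ALLOWED_FORMATS:  # an absent Format is reported too
            problems.append(f"NameID format not accepted: {fmt or '(none)'}")
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
            problems.append("NameID value is not an email address")
    audiences = [a.text.strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_entity_id not in audiences:
        problems.append(f"Audience does not contain {expected_entity_id}")
    # Presence check only: this does not verify the signature cryptographically.
    signed = (root.find("ds:Signature", NS) is not None
              or assertion.find("ds:Signature", NS) is not None)
    if not signed:
        problems.append("neither Response nor Assertion carries a ds:Signature")
    return problems

# Constructed sample (placeholder tenant and user), not captured from a real IdP.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Assertion><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
</saml:Subject><saml:Conditions><saml:AudienceRestriction>
<saml:Audience>urn:auth0:fcio:example-tenant</saml:Audience>
</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE, "urn:auth0:fcio:example-tenant"):
        print("MISMATCH:", problem)
```

An empty list means the response matches the table on these points; signature validity and certificate expiry still need to be confirmed separately.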
