This article describes how to set up Velocity as a Service Provider (SP) using a SAML 2.0 Identity Provider (IdP) for authentication. Please contact us to enable this functionality before beginning the setup process.

We support the following Identity Providers:

  • Amazon SAML

  • Google G Suite SAML

  • Okta

  • OneLogin

  • Azure AD

  • JumpCloud

If you're looking to configure Velocity with Okta, check out our docs on Configuring Velocity with Okta.

Setup Steps

To configure your organization to use SAML for authentication, you will need administrator permissions within Velocity and your IdP.

Step 1. Choose a Sign In URL

Navigate to the SAML Settings page and choose a unique organization identifier that will form the last part of your ACS URL. Once you save that setting and copy the URL to your clipboard, you are ready to configure your IdP.

Velocity uses the following format for its Assertion Consumer Service (ACS) URLs:

https://velocity.codeclimate.com/org/organization

  • “organization” is the unique organization identifier you entered in the SAML settings.

Step 2. Configure your IdP

Within your IdP, create a new SAML application for Velocity. Velocity uses the same URL for both the Service Provider (SP) Assertion Consumer Service (ACS) URL and Entity ID. Therefore, use these settings:

  • ACS URL/Reply URL: Paste the ACS URL from Step 1

  • Entity ID: Paste the ACS URL from Step 1

IdP Metadata

Velocity needs metadata about your IdP in order to successfully communicate with it using SAML. There are two options for this:

  1. Your IdP may expose a publicly available IdP Metadata URL

  2. Your IdP may expose an IdP Metadata XML file which you can download.

If both options are available, the URL is preferable, as it allows for the IdP to update metadata without your intervention.

Copy the IdP Metadata URL to your clipboard, or download the IdP Metadata XML file and copy the entire contents of the file to your clipboard for Step 3.

Attribute Mappings

Velocity can use names and email addresses from your IdP when provisioning users. Set up metadata mappings for the following fields (note that these are case sensitive):

  • FirstName -- The first name of the IdP user

  • LastName -- The last name of the IdP user

  • Email -- The email address of the IdP user

Step 3. Configure Velocity

Return to the SAML Settings page within Velocity, paste the XML from Step 2 into the Identity Provider (IdP) XML Metadata field, and save.

Step 4. Test your configuration

You should now be able to log out and log back in to Velocity via your ACS URL. Once you have validated the configuration this way, you can authenticate with SAML via your IdP.
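
If the test login fails, the Step 2 settings can be checked against the SAML response your IdP actually sends. The following is an added example, not Code Climate's code. It assumes you have captured and base64-decoded the response, relies on the standard SAML 2.0 Audience and Recipient fields for the Entity ID and ACS URL (what Velocity itself validates is not documented here), and uses the hypothetical names check_assertion and example-org.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email")  # case sensitive, per this page

def check_assertion(xml_text, acs_url):
    """List configuration problems in a decoded SAML 2.0 response or assertion.
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    # Entity ID: the page uses the ACS URL as Entity ID, so expect it as Audience.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if acs_url not in audiences:
        problems.append(f"Audience {audiences} does not include {acs_url}")
    # ACS URL: the IdP names its delivery target in Recipient.
    recipients = [c.get("Recipient") for c in
                  root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not include {acs_url}")
    # Attribute names must match exactly; a case-only mismatch is flagged as such.
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    for want in REQUIRED:
        attr = attrs.get(want)
        if attr is None:
            near = [n for n in attrs if n and n.lower() == want.lower()]
            hint = f" (found {near[0]!r}: wrong case)" if near else ""
            problems.append(f"missing attribute {want!r}{hint}")
        elif not (attr.findtext("saml:AttributeValue", "", NS) or "").strip():
            problems.append(f"attribute {want!r} has no value")
    return problems

# Constructed sample: "example-org" and the user are placeholders.
ACS = "https://velocity.codeclimate.com/org/example-org"
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{ACS}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{ACS}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, ACS):
        print("PROBLEM:", problem)
```

The constructed sample sends "lastname" instead of "LastName", so the check reports that one attribute as missing with a wrong-case hint.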

Step 5. Require SAML authentication

You can enforce the requirement that all users within your Velocity organization sign in this way. New users must be invited to your Velocity organization, and they will need to authenticate via SAML to accept their invitations. Please contact us to enable this setting on your Velocity organization.
