Configuring Velocity with SAML 2.0
A step-by-step guide to configuring your Velocity account with SAML 2.0

Written by James McGill
Updated over 6 months ago

This article describes how to set up Velocity as a Service Provider (SP) using a SAML 2.0 Identity Provider (IdP) for authentication. Please contact us to enable this functionality before beginning the setup process.

We support the following Identity Providers:

  • Amazon SAML

  • Google G Suite SAML

  • Okta

  • OneLogin

  • Azure AD

  • JumpCloud

If you're looking to configure Velocity with Okta, check out our docs on Configuring Velocity with Okta.

Setup Steps

To configure your organization to use SAML for authentication, you will need administrator permissions within Velocity and your IdP.

Step 1. Choose a Sign In URL

Navigate to the SAML Settings page and choose a unique organization identifier that will form the last part of your ACS URL. Once you save that setting and copy the URL to your clipboard, you are ready to configure your IdP.

Velocity uses the following format for its Assertion Consumer Service (ACS) URLs:

  • “organization” is the unique organization identifier you entered in the SAML settings.

Step 2. Configure your IdP

Within your IdP, create a new SAML application for Velocity. Velocity uses the same URL for both the Service Provider (SP) Assertion Consumer Service (ACS) URL and Entity ID. Therefore, use these settings:

  • ACS URL/Reply URL: Paste the ACS URL from Step 1

  • Entity ID: Paste the ACS URL from Step 1

IdP Metadata

Velocity needs metadata about your IdP in order to successfully communicate with it using SAML. There are two options for this:

  1. Your IdP may expose a publicly available IdP Metadata URL

  2. Your IdP may expose an IdP Metadata XML file which you can download.

If both options are available, the URL is preferable, as it allows for the IdP to update metadata without your intervention.

Copy the IdP Metadata URL to your clipboard, or download the IdP Metadata XML file and copy the entire contents of the file to your clipboard for Step 3.

Attribute Mappings

Velocity will use names and email addresses from your IdP when provisioning users. Set up metadata mappings for the following fields (note that these are case sensitive):

  • FirstName -- The first name of the IdP user

  • LastName -- The last name of the IdP user

  • Email -- The email address of the IdP user

Note: Please confirm your IdP's Application Settings for Velocity include the above attribute mappings for name and email.

Step 3. Configure Velocity

Return to the SAML Settings within Velocity and paste the XML from Step 2 into the Identity Provider (IdP) XML Metadata field and save.

Step 4. Test your configuration

You should now be able to log out and log in to Velocity via your ACS URL or via the main Velocity login page. Once you have validated the configuration, you can authenticate with SAML via your IdP.
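
If a test login fails, a decoded SAML response captured from the attempt can be checked against the Step 2 settings. The script below is an added example, not Velocity's code: it checks that the Audience (Entity ID) and Recipient both equal the ACS URL exactly and that the three case-sensitive attribute names are present. The ACS URL, the sample response and the function name are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email")  # case-sensitive names from Step 2
ACS_URL = "https://sp.example.invalid/saml/ORGANIZATION"  # placeholder, not Velocity's real URL format

# Constructed sample: Audience has a stray trailing slash, Email is mapped as "email".
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ACS_URL}/</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>ada@example.invalid</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, acs_url):
    # Diagnostic only: lists configuration problems, does not verify the XML signature.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    problems = []
    # Entity ID and ACS URL are the same value, so Audience must equal the ACS URL.
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if acs_url not in audiences:
        problems.append(f"Audience {audiences} does not contain {acs_url}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not contain {acs_url}")
    names = [e.get("Name") for e in root.iterfind(".//a:AttributeStatement/a:Attribute", NS)]
    for want in REQUIRED:
        if want in names:
            continue
        near = [n for n in names if n and n.lower() == want.lower()]
        problems.append(f"attribute {want} has wrong case: {near[0]}" if near
                        else f"attribute {want} is missing")
    return problems

if __name__ == "__main__":
    for problem in check_response(SAMPLE, ACS_URL):
        print(problem)
```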

Step 5. Require SAML authentication

You can enforce the requirement that all users within your Velocity organization sign in this way. New users must be invited to your Velocity organization, and they will need to authenticate via SAML to accept their invitations. Please contact us to enable this setting on your Velocity organization.
