Skip to content

SSO provider guides

These guides walk through connecting a specific identity provider to KloudMate end to end: what to create in the IdP, where to paste KloudMate’s values, and what to copy back. Each one assumes you’ve read the SSO overview and that you’re the organization owner on a paid plan.

When your IdP supports both, OIDC is usually the simpler path — you exchange a discovery URL and a client ID/secret instead of wrangling XML metadata and certificates. Use SAML when your IdP only offers SAML, or when your security team standardizes on it.

Every guide pastes the same handful of values into the IdP. Copy the ACS URL from your own Service provider details card rather than assuming the host — it depends on your environment.

What your IdP asks forValue to use
SAML ACS / Reply / Recipient / Destination URLhttps://api.kloudmate.com/sso/saml
SAML SP Entity ID / Audience URIthe entityID in the downloaded SP metadata
SAML NameID formatemailAddress (email in the NameID, or an email attribute)
OIDC Redirect / Callback / Sign-in redirect URIhttps://api.kloudmate.com/sso/oidc
OIDC scopesopenid email profile

After you finish a provider guide, verify your company domain so your team can sign in by typing their work email, then choose a provisioning mode.