This summary clarifies settings that can be confusing or have different names. Be sure to refer to the specific Help page (if there is one) for each Identity Provider in case there are further details and settings. Entra ID was formerly known as Azure AD.
----------------------
Identity Provider (IdP): The non-Wasp service that provides user authentication for access to the Wasp product.
Service Provider (SP): The Wasp Cloud software product.
SSO Prerequisites: User and group/role setup that match names.
----------------------
Wasp settings, SAML Service Configuration Valid checkboxes (at the bottom of the page)
Include RequestedAuthnContext
This should always start unchecked. Check it only for backwards compatibility, if validation fails because an older SAML server is in use.
Entra ID: unchecked
Always force SAML signature validation
This Wasp setting depends on what is set on the IdP (Identity Provider). Generally, if the IdP requires verification certificates for signature validation, check this box.
Entra ID: Verification certificates, Required = No, uncheck Wasp box
Entra ID: Verification certificates, Required = Yes, check Wasp box
----------------------
SAML Claims/Name ID: Unique identifier for the user. Wasp requires this to be the user's email address.
Entra ID: Unique User Identifier: user.mail
----------------------
SAML IdP Service provider Metadata file: Download the XML file to your PC from the (non-Wasp) authentication provider configuration page. Upload this saved file in the Wasp SSO settings page.
In the unlikely event that the XML file is not available, an alternate set of 3 items (from your SAML IdP Administrator) can be used: the SAML URL, X.509 Certificate, and Issuer values.
Entra ID: Single sign-on, 3. SAML Certificates, Federation Metadata XML, Download (link)
---------------------
SSO URL: May be referred to as "SSO Service URL", "SAML Post URL location", or "SAML Assertion Consumer Service (ACS) URL".
Found in Wasp's Settings page, in the form:
https://YourTenant.waspassetcloud.com/Account/Saml
https://YourTenant.waspinventorycloud.com/Account/Saml
Entra ID: Reply URL (Assertion Consumer Service URL)
----------------------
Entity Id: Found in Wasp's Settings page, in the form:
https://YourTenant.waspassetcloud.com
https://YourTenant.waspinventorycloud.com
Entra ID: Identifier (Entity ID)
Don't put :443 at the end.