testmail.app supports Single Sign-On (SSO) using SAML 2.0. If you are using Okta as your Identity Provider (IdP), you can enable your users to sign in to their organization on testmail.app through our Single Sign-On mechanism. This guide will help you configure Single Sign-On using SAML 2.0 for your testmail.app organization with Okta.
This feature is only available for enterprise customers.
Application setup in Okta
You have to add a new application (Testmail App) in your IdP that uses SAML 2.0 for authentication. Just make sure to use the following configuration for the application.
- Single sign-on URL:
https://sso.testmail.app/saml
- Audience URI (SP Entity ID):
https://testmail.app

- Redirect URL/Callback URL/ACS (Consumer) URL/Recipient URL:
The IdP must send a Recipient URL, and it must be equal to the callback (ACS) URL. If you leave it empty (it is not a required field in the IdP), some IdPs will automatically send the ACS URL as the Recipient URL. If you do set it, make sure it is the same as the ACS URL.
https://sso.testmail.app/saml
- SAML signature element
SAML Assertion & Response should be signed.

- Signature Algorithm
The Signature Algorithm should be RSA-SHA256 and the Digest Algorithm should be SHA256.
- Attributes/Parameters
It's mandatory to pass the below fields with the same field-name as below (case sensitive).
- id
- name
- role (Optional) If you wish to pass the role for the user, you can set this field to either "Member" or "Admin". Note: If no role is passed, the user will be assigned the "Member" role by default.
The id should be unique for every user.
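To check a decoded SAML response from your IdP against the settings above before submitting the integration for review, a structural lint like the following can help. This is an added example, not testmail.app's own code: the names lint_saml_response and sample are hypothetical, the sample message is constructed, and the check does not verify signatures cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL, AUDIENCE = "https://sso.testmail.app/saml", "https://testmail.app"  # from this guide
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"

def lint_saml_response(xml_text):
    """Hypothetical helper: structural checks only, it does not verify signatures."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found"]
    problems = []
    for label, node in (("Response", root), ("Assertion", assertion)):
        sig = node.find("ds:Signature", NS)  # direct child: each element needs its own
        if sig is None:
            problems.append(f"{label} is not signed")
            continue
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None or method.get("Algorithm") != SIG_ALG:
            problems.append(f"{label} signature algorithm is not RSA-SHA256")
        digests = sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        if not digests or any(d.get("Algorithm") != DIGEST_ALG for d in digests):
            problems.append(f"{label} digest algorithm is not SHA256")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient does not equal the ACS URL")
    if AUDIENCE not in [(e.text or "").strip() for e in assertion.findall(".//a:Audience", NS)]:
        problems.append("Audience URI mismatch")
    attrs = {a.get("Name"): (a.findtext("a:AttributeValue", "", NS) or "").strip()
             for a in assertion.findall(".//a:Attribute", NS)}
    problems += [f"missing attribute '{k}'" for k in ("id", "name") if not attrs.get(k)]
    if "role" in attrs and attrs["role"] not in ("Member", "Admin"):
        problems.append("role must be 'Member' or 'Admin'")
    return problems

def sample(recipient=ACS_URL, role="Member", alg=SIG_ALG):  # constructed message, no key material
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           f'<ds:Reference><ds:DigestMethod Algorithm="{DIGEST_ALG}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
    attrs = "".join(f'<a:Attribute Name="{k}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
                    for k, v in (("id", "u-1001"), ("name", "Test User"), ("role", role)))
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">{sig}<a:Assertion>{sig}'
            f'<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{recipient}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{AUDIENCE}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list from lint_saml_response means the response matches the settings in this guide; each string in a non-empty list names one setting to correct in the Okta application.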

Integration in testmail.app
Navigate to your console → Settings → Setup single-sign-on (SSO) with SAML 2.0.
After configuring the required fields, your SSO setup will be submitted for review. Our technical team will verify the settings, and you will receive an email notification once the integration is activated.
- IDP entity ID (Issuer URL):
Use the Identity Provider Issuer/Issuer URL of the Testmail application in your IdP. It will be similar to the below format.
http://www.okta.com/SOME_KEY
- SP Entity ID (Audience URI): It should match the Audience URI of the Testmail application in Okta.
https://testmail.app
- X509 Certificate:
Copy the X.509 certificate from the Okta SAML setup instructions.
- Remote Login URL: Copy the Identity Provider Single Sign-On URL from the Okta SAML setup instructions.
- Allowed Domains: Configure the domains according to your organization to implement Single Sign-On (SSO) for those domains. Note: If SAML Single-Sign-On is enabled and new domains are added in the future, they will be placed under review. Your current SSO setup will remain active for the existing domains.
- Click Save Configuration:
Upon clicking, a confirmation message will pop up stating that your settings are saved and under review, and our technical team has been notified.
Need help?
Please feel free to reach out at [email protected] for any help regarding SAML integration for Single-Sign-On with Okta.