SAML Configuration
SmartOSH allows user authentication via the SAML protocol. This guide is aimed at authentication environment administrators and details how to enable the link with a SAML identity provider.
Prerequisites
Section titled “Prerequisites”The SmartOSH environment must be configured with a custom URL before starting the integration. If there are PRE and PRO environments, the process must be carried out independently in each of them.
| Environment | URL Example |
|---|---|
| PRO (production) | https://cliente.smartosh.com |
| PRE (pre-production) | https://cliente.pre.smartosh.com |
Metadata exchange
Section titled “Metadata exchange”The order of these steps is not important; they can be performed in whichever order is most convenient for the client or consultant.
Obtain and send the metadata URL to the client
Section titled “Obtain and send the metadata URL to the client”- Access Settings of the SmartOSH environment.
- Go to the SSO section.
- Copy the SAML metadata URL shown in that section.
- Send that URL to the client so they can download the SmartOSH metadata XML file.
Upload the client metadata
Section titled “Upload the client metadata”The client will provide their SAML configuration obtained from their own identity provider.
- Go to Settings → Operations → Import SAML Metadata.
- Upload the XML file provided by the client.
Once these steps are completed, the environment will be ready to authenticate via SAML.
Configuration examples
Section titled “Configuration examples”Azure Entra ID
Section titled “Azure Entra ID”Step 1 — Create the Enterprise application
- In Azure Portal, go to Azure Entra ID → Enterprise Applications.
- Click New application → Create your own application.
- Name:
SmartOSH. - Select Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create.
Step 2 — Configure SAML
- In the created application, go to Manage → Single sign-on.
- Select SAML.
- In the Basic SAML Configuration section, click Upload metadata file.
- Upload the SmartOSH metadata XML file.
- Azure will automatically complete:
- Identifier (Entity ID):
https://smartosh.com/samlsp - Reply URL (Assertion Consumer Service URL)
- Identifier (Entity ID):
- Click Save.
Step 3 — Obtain Azure metadata
- In SAML Certificates, download the Federation Metadata XML.
- Send this file to SmartOSH to complete the configuration (see Upload the client metadata).
Step 4 — Assign users
According to the client’s internal procedures, assign the corresponding users or groups to the newly created application.
Step 1 — Access applications
- Log in to the Okta admin panel.
- In the side menu, go to Applications → Applications.
Step 2 — Create the integration
- Click Create App Integration.
- Select SAML 2.0 → Next.
Step 3 — General configuration
- App name:
SmartOSH - Next.
Step 4 — Basic configuration
| Parameter | PRO Environment | PRE Environment |
|---|---|---|
| Single sign-on URL | https://CLIENTE.smartosh.com/SAMLConsumeService.aspx | https://CLIENTE.pre.smartosh.com/SAMLConsumeService.aspx |
| Audience URI (SP Entity ID) | https://smartosh.com/samlsp | https://smartosh.com/samlsp |
| Application username | Email (or as agreed with SmartOSH) | Email (or as agreed with SmartOSH) |
Check the option Use this for Recipient URL and Destination URL. The rest of the parameters can be left at their default values or adjusted according to the client’s criteria.
Step 5 — Advanced configuration (Click “Show Advanced Settings”)
In Other Requestable SSO URLs, add the following entries:
PRO Environment:
| URL | Index |
|---|---|
https://CLIENTE.backend.my.smartosh.com/Account/SAMLCallbackNG | 2 |
https://CLIENTE.backend.my.smartosh.com/Account/SAMLCallbackIonic | 3 |
PRE Environment:
| URL | Index |
|---|---|
https://CLIENTE.backend.pre-my.smartosh.com/Account/SAMLCallbackNG | 2 |
https://CLIENTE.backend.pre-my.smartosh.com/Account/SAMLCallbackIonic | 3 |
The rest of the parameters can be left at their default values or adjusted according to the client’s criteria.
Source: KB041 – SAML Configuration, version 1.0.00, 24/11/2025.