Single Sign-On SAML Integration

If you have an Enterprise account in Row Zero, you can configure single sign-on (SSO) via SAML 2.0 using your organization's existing SSO provider (Okta, Microsoft Entra, etc.). Every SSO platform uses slightly different terminology when configuring an SSO integration, so don't hesitate to contact us for help when you are configuring your provider.

Row Zero supports SAML 2.0 for single sign-on with HTTP-POST binding. We support both identity provider-initiated and service provider-initiated login flows.

Here is the information that you will need to configure a new Row Zero SAML application in your identity provider:

1. ACS (Assertion Consumer Service) URL or Callback URL:
   • https://auth.rowzero.io/login/callback?connection=<CONNECTION_NAME>
   • Note: You will need to replace CONNECTION_NAME above with an identifier that Row Zero will provide. Contact us when you are setting up your SSO integration and we will give you the CONNECTION_NAME to use.
2. Audience URI (SP Entity ID):
   • urn:auth0:rowzero:<CONNECTION_NAME>
   • Note: Again, replace CONNECTION_NAME with the identifier Row Zero provides.
3. Application username format:
   • Email (NameID format should be EmailAddress)
4. Attribute Mappings (Required), with the Name Format as Unspecified:
   • email → user user.emailAddress
   • email_verified → true (literal boolean value)

Once you have configured a Row Zero SAML application in your identity provider, contact us at Row Zero so that we can finish configuring the SSO integration on our end.

This is the information that we will need from you:

1. The SAML Sign In URL (also called SSO URL or IdP Metadata URL) for the application
2. The X.509 Signing Certificate from your identity provider (PEM format). Do not share this via email or other unsecured means. We will give you a secure way to provide your certificate.
3. Your identity provider domain(s) for login experience (e.g., yourcompany.com)