SSO - SAML

Configuring single sign using SAML integrates IcePanel with your organizations identity provider. This allows users in your organization to securely and easily sign in to IcePanel without the need to manage additional credentials.

Getting started

Instructions can vary based on your SAML identity provider. See examples for identity providers below.

Create a new SAML application in your identity provider with the following info.

• ACS URL / Reply URL - https://app.icepanel.io/__/auth/handler

• Entity ID / Identifier - icepanel.io

Then fill out our SAML registration form with the requested information from your app. Once that's submitted, it can take up to 1 business day for us to configure it. We'll be in touch shortly to confirm and check everything is working.

Note: IdP initiated login is not supported yet so you'll need to use the SAML login page.

SSO share links

Once you've configured a SAML app with us you can globally secure access to share links with SSO.

In organization management you can set one or more domains that can access your share links securely. The example below will restrict all share link access to users who authenticate with @icepanel.io email addresses.

Users will now be redirected to your SAML authentication flow before gaining access to a share link. They will not be required to create an IcePanel account, so these users will not count toward your plan seat count in any way.

Identity providers

We support all identity providers that support SAML 2.0.

Google Workspace

1. First navigate to Apps / Web and mobile apps on the Google Admin console.

2. Click Add app / Add custom SAML app.

3. Fill in the app name as IcePanel and upload the IcePanel logo.

4. Copy the values from the SSO URL, Entity ID and Certificate fields into our SAML registration form.

5. Set the ACS URL field to https://app.icepanel.io/__/auth/handler.

6. Set the Entity ID field to icepanel.io.

7. Set the Name ID format field to EMAIL and the Name ID field to Primary email.

8. Click the User access section and check the toggle for ON for everyone.

9. Done, now wait for us to let you know it's all setup on our end.

Microsoft Entra ID

1. First navigate to Entra ID on the Microsoft Entra ID portal.

2. Click Enterprise applications from the left sidebar.

3. Click New application and pick the Non-gallery application type.

4. Fill in the app name as IcePanel and upload the IcePanel logo.

5. Click Single sign-on in the left sidebar and choose the SAML method.

6. Click the edit pencil in the Basic SAML configuration.

7. Set the Identifier (Entity ID) field to icepanel.io.

8. Set the Reply URL (Assertion Consumer Service URL) field to https://app.icepanel.io/__/auth/handler.

9. Copy the Certificate (Base64), Login URL and Azure AD Identifier fields into our SAML registration form.

10. Click Users and groups in the left sidebar and add the users or groups that need access to IcePanel.

11. Done, now wait for us to let you know it's all setup on our end.

Okta

1. First navigate to Admin > Applications on the Okta portal.

2. Click Add New App and select SAML 2.0.

3. Set the Single sign on URL field to https://app.icepanel.io/__/auth/handler.

4. Set the Audience URI (SP Entity ID)to icepanel.io.

5. Set the Name ID format to email address and the Application usernameto email.

6. Click View setup instructions get the necessary information.

7. Copy the values from the SSO URL, Identity Provider Issuer (Entity ID) and Certificate fields into our SAML registration form.

8. Make sure the required users or groups have permission to access to the Okta app.

9. Done, now wait for us to let you know it's all setup on our end.

Need more support?

Book a call with our technical team if you have any questions about SSO.