
SSO - SAML
IdP initiated login is not supported yet due to a limitation with our auth provider so you'll need to use the SAML login page. A workaround could be to add the SAML login page as a web link to your SSO portal.
Track the request to add IdP initiated login on our feedback board.
Configuring single sign using SAML integrates IcePanel with your organizations identity provider. This allows users in your organization to securely and easily sign in to IcePanel without the need to manage additional credentials.
Getting started
Instructions can vary based on your SAML identity provider. See examples for identity providers below.
Create a new SAML application in your identity provider with the following info.
ACS URL / Reply URL -
https://app.icepanel.io/__/auth/handler
Entity ID / Identifier -
icepanel.io
Then fill out our SAML registration form with the requested information from your app. Once that's submitted, it can take up to 1 business day for us to configure it. We'll be in touch shortly to confirm and check everything is working.
Note: IdP initiated login is not supported yet so you'll need to use the SAML login page.
SSO share links
Once you've configured a SAML app with us you can globally secure access to share links with SSO.
In organization management you can set one or more domains that can access your share links securely. The example below will restrict all share link access to users who authenticate with @icepanel.io
email addresses.

Users will now be redirected to your SAML authentication flow before gaining access to a share link. They will not be required to create an IcePanel account, so these users will not count toward your plan seat count in any way.
Identity providers
We support all identity providers that support SAML 2.0.
Google Workspace
First navigate to
Apps
/Web and mobile apps
on the Google Admin console.Click
Add app
/Add custom SAML app
.Fill in the app name as
IcePanel
and upload the IcePanel logo.Copy the values from the
SSO URL
,Entity ID
andCertificate
fields into our SAML registration form.Set the
ACS URL
field tohttps://app.icepanel.io/__/auth/handler
.Set the
Entity ID
field toicepanel.io
.Set the
Name ID format
field toEMAIL
and theName ID
field toPrimary email
.Click the
User access
section and check the toggle forON for everyone
.Done, now wait for us to let you know it's all setup on our end.
Microsoft Entra ID
First navigate to
Entra ID
on the Microsoft Entra ID portal.Click
Enterprise applications
from the left sidebar.Click
New application
and pick theNon-gallery application
type.Fill in the app name as
IcePanel
and upload the IcePanel logo.Click
Single sign-on
in the left sidebar and choose theSAML
method.Click the edit pencil in the
Basic SAML configuration
.Set the
Identifier (Entity ID)
field toicepanel.io
.Set the
Reply URL (Assertion Consumer Service URL)
field tohttps://app.icepanel.io/__/auth/handler
.Copy the
Certificate (Base64)
,Login URL
andAzure AD Identifier
fields into our SAML registration form.Click
Users and groups
in the left sidebar and add the users or groups that need access to IcePanel.Done, now wait for us to let you know it's all setup on our end.
Okta
First navigate to
Admin > Applications
on the Okta portal.Click
Add New App
and select SAML 2.0.Set the
Single sign on URL
field tohttps://app.icepanel.io/__/auth/handler
.Set the
Audience URI (SP Entity ID)
to icepanel.io.Set the
Name ID format
to email address and theApplication username
to email.Click
View setup instructions
get the necessary information.Copy the values from the
SSO URL
,Identity Provider Issuer (Entity ID)
andCertificate
fields into our SAML registration form.Make sure the required users or groups have permission to access to the Okta app.
Done, now wait for us to let you know it's all setup on our end.
Need more support?
Book a call with our technical team if you have any questions about SSO.
Last updated
Was this helpful?