monday.com logo
monday logo
Learning Resources by monday.com
Help Center
Tutorials and how-to guides for using monday.com
Academy
Interactive courses and webinars that will make you an expert
What’s new
Latest feature releases, improvements, and updates
Video Tutorials
Manage and collaborate on
team projects and tasks from
one place
API Documentation
Technical documentation that gives you the control
Get expert help
Hire a monday.com expert to optimize your workflows
Community
Become part of our community
Community forum
Learn with fellow monday.com enthusiasts
Local facebook communities
Join this community to find monday.com members near you
Global facebook communities
Join one of your most active social communities - the global monday group
Developer community
Share thoughts and questions with like-minded professionals who speak your language
Non Profit community
Give back to the community by working with a NGO or non-profit. Join our exclusive program
Support
Contact sales
Get started
What can we help you with?
  1. Support
  2. Profile and Admin
  3. The Admin Section
Custom SAML 2.0
    Was this article helpful?

    Custom SAML 2.0

    3 min read
    Feature

     

    If you haven't read our first article about SAML, we recommend you to check out this article right here prior to reading this one. 

    We are currently working with four main SAML providers: OKTA, OneLogin, Azure AD, and Oracle, but we also offer you the option to custom SAML 2.0 with the provider of your choice. Here is how!

     

    Step 1: Get the data

    You have two options to get the data in order to set up your custom SAML SSO.

    • SP (monday.com) metadata:

    You can get the metadata of monday.com from this URL: 

    https://<YOUR_DOMAIN>.monday.com/saml/saml_metadata
    Note:  The metadata file is only accessible to monday.com account admins.

     

    • Assertion Consumer Service URL

    SSO post-back up URL - https://<YOUR_DOMAIN>.monday.com/saml/saml_callback (Also known as the Assertion Consumer Service URL)

    Entity ID - https://<YOUR_DOMAIN>.monday.com/saml/saml_callback 

     

    Step 2: Attributes to be included in IDP response

    • NameID (Required)
    <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    NameQualifier="YOURDOMAIN.monday.com" SPNameQualifier="https://monday.com">Your
    Unique Identifier</saml:NameID>
    </saml:Subject>
    <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
    NameQualifier="YOURDOMAIN.monday.com" SPNameQualifier="https://monday.com">Your
    Unique Identifier</saml:NameID>
    </saml:Subject>
    • Email Attribute (Required)
    <saml:Attribute Name="Email"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:anyType">testuser@youremail.com
    </saml:AttributeValue>
    </saml:Attribute>
    • First Name Attribute (Required)
    <saml:Attribute Name="FirstName"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:anyType">FirstName
    </saml:AttributeValue>
    </saml:Attribute>
    • Last Name Attribute (Required)
    <saml:Attribute Name="LastName"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:anyType">LastName
    </saml:AttributeValue>
    </saml:Attribute>

     

    Step 3: Certificates

    monday.com requires that the SAML response is signed, and you will need to paste a valid X.509.pem Certificate to verify your identity. This is different from your SSL certificate.  

    When configuring your SAML settings, you will see a check box to "Enable Monday Certificate". This is used for encrypting SAML assertions sent from the identity provider (IDP) to monday.com.
    To enable this, copy the certificate and paste it into your SSO provider console.Group 1 - 2023-02-27T105336.249.png

    Note: It is currently not possible to connect multiple identity providers to one monday.com account. However, multiple monday.com accounts can be connected to one identity provider.

     

     

     

    If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.

    Lea Serfaty - Quality check

    Comments