SAML 2.0 single sign-on
for Ingest Labs.
SAML 2.0 is the universal standard for enterprise single sign-on. Whether your organization runs Okta, Ping Identity, ADFS, OneLogin, or any other SAML-compliant identity provider, your team can authenticate to Ingest Labs with their existing credentials.
Ingest Labs supports both SP-initiated and IdP-initiated SSO, just-in-time user provisioning, and group-based role mapping. One SAML application in your IdP, and your entire team has secure, password-free access to the Ingest Labs dashboard.
Why SAML + Ingest Labs
Every SaaS application that requires its own username and password is a liability. It's another credential to phish, another account to deprovision when someone leaves, another MFA enrollment that your security team has to manage separately. SAML SSO eliminates all of that by delegating authentication to the identity provider your organization already trusts.
Ingest Labs implements the SAML 2.0 Service Provider (SP) specification. Your identity provider — Okta, Ping, ADFS, OneLogin, JumpCloud, or any SAML 2.0 IdP — handles authentication, MFA, and session policy. Ingest Labs receives a signed SAML assertion and grants access based on the attributes it contains.
Just-in-time provisioning means new team members get an Ingest Labs account the moment they first authenticate — no manual setup, no access request tickets. Group-based role mapping means their permissions are always in sync with your IdP directory. When someone leaves the company and their IdP account is disabled, they lose access to Ingest Labs instantly.
Integration resources
Setup guide for SAML SSO, including IdP configuration, attribute mapping, and JIT provisioning.
Contact for setup guide
OASIS SAML 2.0 specification — the open standard that powers enterprise single sign-on across identity providers.
Visit SAML 2.0 specSAML technical overview from OASIS — authentication flows, assertion format, and binding specifications.
OASIS Security TCKey benefits
Enterprise SSO for Ingest Labs — works with any SAML 2.0 identity provider your organization already runs.
- Works with any SAML 2.0 IdP — Okta, Ping, ADFS, OneLogin, JumpCloud, Google Workspace, and more
- SP-initiated and IdP-initiated SSO — sign in from the Ingest Labs login page or your IdP app launcher
- Just-in-time user provisioning — accounts are created automatically on first SAML authentication
- Group-based role mapping — IdP groups determine Ingest Labs permissions (Admin, Editor, Viewer)
- Instant deprovisioning — disable the IdP account and Ingest Labs access is revoked immediately
- Setup in 30–60 minutes — create a SAML app in your IdP, upload metadata, configure attribute mappings
Frequently Asked Questions
What is SAML 2.0?
SAML (Security Assertion Markup Language) 2.0 is the most widely supported standard for enterprise single sign-on. It allows your identity provider — Okta, Ping Identity, ADFS, OneLogin, or any SAML-compliant IdP — to authenticate users for Ingest Labs without sharing passwords.
Which identity providers are supported?
Any SAML 2.0 compliant identity provider. This includes Okta, Ping Identity, Microsoft ADFS, OneLogin, JumpCloud, Google Workspace (via SAML app), Shibboleth, and more. If it speaks SAML 2.0, it works with Ingest Labs.
Does Ingest Labs support SP-initiated and IdP-initiated SSO?
Yes, both. SP-initiated flow: your team visits the Ingest Labs login page and clicks 'Sign in with SSO', which redirects to your IdP. IdP-initiated flow: your team clicks the Ingest Labs tile in your IdP's app launcher and lands directly in the dashboard.
What is just-in-time (JIT) user provisioning?
JIT provisioning automatically creates an Ingest Labs user account the first time someone authenticates via SAML. The user's name, email, and role are derived from SAML attributes — no manual account creation needed. You can also map IdP groups to Ingest Labs roles.
How do I map IdP groups to Ingest Labs roles?
In the Ingest Labs dashboard, you configure attribute mappings that read group membership from the SAML assertion. Map your IdP groups (e.g., 'Analytics Admins', 'Marketing Viewers') to Ingest Labs roles (Admin, Editor, Viewer). Permissions update on every login.
How long does setup take?
Typically 30–60 minutes. You create a SAML application in your IdP, enter the Ingest Labs SSO URL and entity ID, upload the IdP metadata to Ingest Labs, and configure attribute mappings. The Ingest Labs team provides a step-by-step guide for your specific IdP.
Ingest Labs SAML integration: Enterprise single sign-on for the Ingest Labs dashboard via any SAML 2.0 identity provider. Supports Okta, Ping Identity, ADFS, OneLogin, and more. SP-initiated and IdP-initiated flows, just-in-time user provisioning, and group-based role mapping.
Any SAML 2.0 identity provider. One click to Ingest Labs.
Okta, Ping, ADFS, or any SAML IdP — your team signs in with existing credentials.