English (US) Deutsch
Submit a request

Single Sign On (SSO) | How to set up for SAML 2.0

Avatar
Paul Blossey

If you use SAML 2.0 as protocol, you can activate Single Sign On (SSO) for Lanes & Planes based on your users’ email addresses. 

If you want to set this up, Lanes & Planes will give you a redirect URL, like this: 

https://api.lanes-planes.com/auth/example/callback

You will enter that URL into the configuration as explained below.

 

1) SAML Configuration

Please configure these settings on your system.

  • Assertion Consumer Service (ACS) URL: https://api.lanes-planes.com/auth/:provider/callback
    • (:provider will be assigned to you by Lanes & Planes support team.)
  • Service Provider Entity ID: lanesplanessaml
  • Add attribute mapping: User email → email
    • Please note that the email address from your system must match the email of the user at lanes-planes.com
    • The attribute name must be EXACTLY email. Do not add any namespacing/prefix such as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
    • Please make sure you are setting an Attribute, not a Claim

Example Microsoft Entra ID

file.png

file (1).png

file (4).png

 

2) XML Metadata

After the above are set, please provide us with your XML Metadata:

 

  • Select SAMLBildschirm_foto_2023-03-22_um_11.06.09.png

 

  • Enter either the XML metadata or a DIRECT URL to the XML.

You are ready to log in. From a different browser session (so you can continue to make changes to your configuration if needed), log in at https://app.lanes-planes.com.

Bildschirmfoto 2025-05-13 um 16.30.35.png

Use RelayState URL parameter: In case your SAML 2.0 Provider does not support custom URL parameters, please activate this option to switch to the RelayState URL parameter, which is a mandatory part of the SAML 2.0 protocol.

Mobile App uses device browser for authentication: Only activate this option if you want to use advanced omniauth features like conditional device access or advanced security features like authentication fobs. Otherwise, the default login method for the mobile app will be easier and more convenient.

 

IMPORTANT: The e-mail addresses of the users must be absolutely identical in both systems (case-sensitive).

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.