Single Sign-On is only available in our Plus and Enterprise Network plans.

MURAL supports SAML SSO Integrations with most Identity Providers (IDP).

Although some identity providers may show a MURAL app in their gallery, we do not currently have any applications released. The SSO configuration will require a custom setup.

Import MURAL's metadata file in your IDP

If your IDP supports uploading a metadata file, you can import the configuration by using MURAL's production metadata file.

If you are on an Enterprise Network plan, you can download the metadata file from your Company Dashboard; otherwise, download it from the following link.

Configure SAML parameters manually

ACS URL

https://app.mural.co/api/v0/authenticate/saml2/callback

Entity ID

https://app.mural.co

Bindings

MURAL supports either HTTP-POST or HTTP-REDIRECT bindings. Be sure to configure the desired one in your IDP.

SAML Subject / Name ID

The Name ID parameter should be the user's email address, and the format should be set to:

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">youremail@company.com</saml:NameID>

SAML Attributes

Email

<Attribute Name="Email">
<AttributeValue>
youremail@company.com
</AttributeValue>
</Attribute>

First Name

<Attribute Name="First name">
<AttributeValue>
John
</AttributeValue>
</Attribute>

Last Name

<Attribute Name="Last name">
<AttributeValue>
Smith
</AttributeValue>
</Attribute>

Avatar or Profile Picture (Optional)

<Attribute Name="Avatar">
<AttributeValue>
https://urltoavatar
</AttributeValue>
</Attribute>

External ID (Optional)

<Attribute Name="External ID">
<AttributeValue>
externalId
</AttributeValue>
</Attribute>

Signed Authentication request configuration

MURAL requires the SAML response to be signed by the IDP. MURAL verifies the signature with the public certificate provided by the IDP administrator.

MURAL can also sign the authentication request. To configure this, upload MURAL's public certificate to your IDP.
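An added example, not MURAL's own tooling: a Python lint that checks a decoded test SAML response from your IDP against the ACS URL, Entity ID, Name ID format and attribute names listed above. The Destination and Audience checks assume your IDP fills those standard SAML fields from the ACS URL and Entity ID; the sample response is constructed, and the signature check only confirms that a signature element is present, not that it verifies.

```python
import xml.etree.ElementTree as ET

# Values taken from this page; the namespaces are the standard SAML 2.0 ones.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://app.mural.co/api/v0/authenticate/saml2/callback"
ENTITY_ID = "https://app.mural.co"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("Email", "First name", "Last name")  # names are case-sensitive

def lint_response(xml_text):
    """Return configuration problems in a decoded SAML response (no crypto check)."""
    root, problems = ET.fromstring(xml_text), []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    if root.find(".//ds:Signature", NS) is None:
        problems.append("response carries no ds:Signature")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID missing or not in emailAddress format")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not include the Entity ID")
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    return problems

def sample_response(first_name_attr="First name", signed=True):
    """Constructed test input; a real response has a complete ds:Signature."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if signed else ""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>\n{v}\n</saml:AttributeValue></saml:Attribute>'
        for n, v in (("Email", "youremail@company.com"), (first_name_attr, "John"), ("Last name", "Smith")))
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" Destination="{ACS_URL}">'
            f'{sig}<saml:Assertion><saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">'
            'youremail@company.com</saml:NameID></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(lint_response(sample_response(first_name_attr="FirstName")))
```

If you typed custom attribute names in your IDP, change REQUIRED_ATTRS to match them before running the lint.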

__________________________________________________________________

Now, your Identity Provider (IDP) is ready to go. To finish the integration, you will need to download the IDP metadata file and use it to configure MURAL.

If you have an Enterprise Network plan, you will be able to import the metadata file through the Self-Serve Single Sign-On feature in the company dashboard. If you configured the SAML Attributes with the default values described above, you should configure the Claim mappings in MURAL with the following values:

  • Email Address - Email
  • First Name - First name
  • Last Name - Last name

If you typed a custom name for any of the SAML Attributes, you should type the same name you entered in your IDP.

For Plus plans, please send an email to support@mural.co with the metadata file attached.
