Legacy: Custom SAML authentication setup
Last Updated: September 27, 2023
🔍Please note: This article is for customers on Standard Bundle, Enrichment, or Clearbit Platform plans.
To initiate and complete the SAML authentication setup, you'll need to work with a Clearbit Implementation Manager. Please contact Clearbit Support for assistance.
Clearbit supports Single-Sign On (SSO) through SAML 2.0 authentication. This helps increase security, simplifies the login process, and reduces the risk of lost or forgotten sign-in information.
The SAML 2.0 integration is designed to be vendor agnostic, meaning it's compatible with any identity provider (IdP) that supports a standard SAML configuration, including custom identity systems.
This article outlines how to configure a custom SAML application, regardless of provider.
SAML setup instructions by identity provider
If you use one of the identity providers listed below, refer to the associated documentation:
Clearbit supports a wide range of SSO providers who support SAML 2.0, including home-growth sign-in solutions, assuming they meet the requirements detailed below.
Create a custom SAML application
Clearbit will provide the following input values when you set up your custom SAML 2.0 app:
Description | Other Names | Example | |
Single Sign-On URL |
The endpoint where Clearbit will send SAML Responses (containing Assertions). The Clearbit team will supply you with this value during implementation. |
Assertion Consumer Service URL ACS URL Consume URL SAML Assertion Endpoint URL Destination Recipient |
https://dashboard.clearbit.com/saml/pk_a1ab2ab3fabc1234ab123abcde1234a1/consume |
Service Provider Entity ID |
The unique, case-sensitive identifier used to identify Clearbit as the service provider. The Clearbit team will supply you with this value during implementation. |
SP Entity ID Entity ID Service Provider Issuer Identifier Audience Audience Restriction |
https://dashboard.clearbit.com/saml/pk_a1ab2ab3fabc1234ab123abcde1234a1/metadata |
Required attribute mappings
Clearbit uses just-in-time (JIT) provisioning to create new users in your account when they are added to your SAML application and attempt to sign in for the first time.
You must map the following user attributes for all SAML app setups
Attribute | Clearbit Value |
First Name | firstName |
Last Name | lastName |
*Other attribute mappings are not supported at this time.
Other required configuration fields
- Name ID Format → Email Address - Clearbit uses the email address to identify users. If prompted, choose the email address name ID format during SAML application setup.
- Signed response → True - Clearbit requires that all SAML responses are signed. If they are not, Clearbit will not complete the authentication process and we will return an error message in our logs.
Share your configuration metadata
To integrate with a custom SAML 2.0 application, Clearbit requires specific configuration details
After you've created your custom SAML application, Clearbit will ask you to share the following metadata about your app:
Description | Other Names | Example | |
Email Domain | The email domain that Clearbit will enforce SSO SAML authentication on. | clearbit.com | |
Identity Provider SSO URL | The single sign-on service URL that is initiated at the identity provider site. |
IdP SSO URL IdP Initiated URL IdP Initiated SSO |
https://acmeco.okta.com/app/acmeco_clearbit_1/abc4d5efghIjKLM6n789/sso/saml |
Identity Provider Issuer | The unique, case-sensitive identifier used by Clearbit to identify the provider of the custom SAML app. |
Identity Provider IdP Entity ID Issuer Identifier |
http://www.okta.com/abc1d2efghIjKLM3n456 |
SP Certificate | The public certificate used to validate the digital signature on this service provider's SAML Requests. | X509 Certificate |
-----BEGIN CERTIFICATE---- … -----END CERTIFICATE----- |
Enable SAML authentication
SAML authentication must be enabled by a Clearbit employee using the information you shared in the previous step.
Once you have successfully created the SAML app, assigned users, shared your app details with the Clearbit team, and you're ready to enable SAML authentication, contact Clearbit, and we'll complete the setup process.
If you would like to coordinate the enablement and testing of your app, the Clearbit Support team is happy to arrange a call to complete the setup together and answer any questions.
Learn More
Articles in this section
- How Does the Clearbit Community Data Opt Out Work?
- Delete your Clearbit account
- Legacy: Set up multi-factor authentication (MFA)
- Legacy: How Clearbit's SSO SAML authentication works
- Legacy: Set up SAML authentication with Okta
- Legacy: Set up SAML authentication with Azure
- Legacy: Set up SAML authentication with JumpCloud
- Legacy: Set up SAML authentication with Google SSO
- Legacy: Custom SAML authentication setup