Legacy: Custom SAML authentication setup

Last Updated: September 27, 2023

🔍Please note: This article is for customers on Standard Bundle, Enrichment, or Clearbit Platform plans. 

To initiate and complete the SAML authentication setup, you'll need to work with a Clearbit Implementation Manager. Please contact Clearbit Support for assistance.

 

 

Clearbit supports Single-Sign On (SSO) through SAML 2.0 authentication. This helps increase security, simplifies the login process, and reduces the risk of lost or forgotten sign-in information.

The SAML 2.0 integration is designed to be vendor agnostic, meaning it's compatible with any identity provider (IdP) that supports a standard SAML configuration, including custom identity systems.

This article outlines how to configure a custom SAML application, regardless of provider.

SAML setup instructions by identity provider

If you use one of the identity providers listed below, refer to the associated documentation:

Clearbit supports a wide range of SSO providers who support SAML 2.0, including home-growth sign-in solutions, assuming they meet the requirements detailed below.

Create a custom SAML application

Clearbit will provide the following input values when you set up your custom SAML 2.0 app: 

  Description Other Names Example
Single Sign-On URL

The endpoint where Clearbit will send SAML Responses (containing Assertions).

The Clearbit team will supply you with this value during implementation.

Assertion Consumer Service URL

ACS URL

Consume URL

SAML Assertion Endpoint URL

Destination

Recipient

https://dashboard.clearbit.com/saml/pk_a1ab2ab3fabc1234ab123abcde1234a1/consume
Service Provider Entity ID

The unique, case-sensitive identifier used to identify Clearbit as the service provider.

The Clearbit team will supply you with this value during implementation.

SP Entity ID

Entity ID

Service Provider Issuer

Identifier

Audience

Audience Restriction

https://dashboard.clearbit.com/saml/pk_a1ab2ab3fabc1234ab123abcde1234a1/metadata

Required attribute mappings

Clearbit uses just-in-time (JIT) provisioning to create new users in your account when they are added to your SAML application and attempt to sign in for the first time.

You must map the following user attributes for all SAML app setups

Attribute Clearbit Value
First Name firstName
Last Name lastName

*Other attribute mappings are not supported at this time.

Other required configuration fields

  • Name ID Format → Email Address - Clearbit uses the email address to identify users. If prompted, choose the email address name ID format during SAML application setup. 
  • Signed response → True - Clearbit requires that all SAML responses are signed. If they are not, Clearbit will not complete the authentication process and we will return an error message in our logs.

Share your configuration metadata

To integrate with a custom SAML 2.0 application, Clearbit requires specific configuration details

After you've created your custom SAML application, Clearbit will ask you to share the following metadata about your app:

  Description Other Names Example
Email Domain The email domain that Clearbit will enforce SSO SAML authentication on.   clearbit.com
Identity Provider SSO URL The single sign-on service URL that is initiated at the identity provider site.

IdP SSO URL

IdP Initiated URL

IdP Initiated SSO

https://acmeco.okta.com/app/acmeco_clearbit_1/abc4d5efghIjKLM6n789/sso/saml
Identity Provider Issuer The unique, case-sensitive identifier used by Clearbit to identify the provider of the custom SAML app.

Identity Provider

IdP Entity ID

Issuer

Identifier

http://www.okta.com/abc1d2efghIjKLM3n456
SP Certificate The public certificate used to validate the digital signature on this service provider's SAML Requests. X509 Certificate

-----BEGIN CERTIFICATE----

-----END CERTIFICATE-----

Enable SAML authentication

SAML authentication must be enabled by a Clearbit employee using the information you shared in the previous step.

Once you have successfully created the SAML app, assigned users, shared your app details with the Clearbit team, and you're ready to enable SAML authentication, contact Clearbit, and we'll complete the setup process.

If you would like to coordinate the enablement and testing of your app, the Clearbit Support team is happy to arrange a call to complete the setup together and answer any questions.

Learn More