Guides

SAML SSO

Suggest Edits

Note that SAML SSO is only available to customers on the Business Plan and Enterprise Plan.

Quick overview

  1. Upgrade to Business Plan or higher (how-to)
  2. Turn on SSO in Eraser (how-to)
  3. Using MS Entra
    1. Install Eraser on your identity provider (e.g. Active Directory) (how-to)
    2. Fill out SSO configuration fields in Eraser (e.g. Active Directory) (how-to)
    3. Add users to Eraser on your identity provider (e.g. Active Directory) (how-to)
  4. Using Okta
    1. Install Eraser on your identity provider (e.g. Okta) (how-to)
    2. Fill out SSO configuration fields in Eraser (e.g. Okta) (how-to)
    3. Add users to Eraser on your identity provider (e.g. Okta) (how-to)
  5. Send invites to users to join team in Eraser (how-to)

How to enable SSO in Eraser

Under Settings > Team Settings, find the SAML SSO toggle and turn it on. Note that this toggle will only be available if you're on a Business Plan or Enterprise Plan.

Verified Domain and Entity ID should already be filled out.

How to install Eraser on MS Entra (AD)

Configuring Entra

  1. On your Entra dashboard, click on "Add > Enterprise application"

  1. Click on "Create your own application"

  1. Enter "Eraser" as name of app, select "Integrate any other application you don't find in the gallery (Non-gallery)", and select "Create".
  1. In the "Eraser" applcation profile, select "Set up single sign on"

  1. Select "SAML" as single sign-on method

  1. In the "Basic SAML Configuration" section, click on "Edit"
  1. Fill in "Identifier (Entity ID)" and "Reply URL (Assertion Consumer Service URL)" with the below information, then click "Save".

How to fill out SSO configuration fields in Eraser

Note that the below steps are based on Microsoft Entra but any other identity provider (e.g. Okta) can be used as well.

  1. Copy "Login URL" from the SSO setup page in Entra and paste it into in the "SAML Sign-In URL" field in the Eraser SAML SSO settings page.

  1. Copy "Microsoft Entra Identifier" from the SSO setup page in Entra and paste it into in the "Identity Provider Issuer" field in the Eraser SAML SSO settings page.
    1. Refer to screenshots in the previous step
  2. Download "Certificate (Base 64)" from the SSO setup page in Entra. Open the downloaded Eraser.cer file in a text editor and copy the text content of the file.
  1. Paste the certificate content copied from the previous step into the "Key x509 Certificate" field in the Eraser SAML SSO settings page.

  1. Press "Save".

How to add users on Microsoft Entra

Note that in order to grant a user access to Eraser, the user must be BOTH granted access to Eraser on Microsoft Entra AND sent a team invite in Eraser.

  1. Open the "Eraser" application profile in Microsoft Entra and click on "Assign users and groups"

  1. Click on "Add user/group"

  1. Add users as necessary. Once completed, the added users should show on the screen from the previous step.

How to install Eraser on Okta

Configuring Okta

  1. On your Okta dashboard, click on "Applications"
  2. Click on "Create App Integration"

Screenshot 2024-08-09 at 11.17.31 AM.png

  1. Select "SAML 2.0" and click "Next"

Screenshot 2024-08-09 at 11.19.27 AM.png

  1. Enter "Eraser" as the App Name
  2. Download this file to use as the logo. Upload the logo in Okta and click "Next"

Screenshot 2024-08-09 at 11.20.56 AM.png

  1. Fill in "Single sign-on URL" and "Audience URI (SP Entity ID)" with the below information
    1. Single sign-on URL: https://app.eraser.io/auth/callback/YOUR-DOMAIN.COM
      1. Replace YOUR-DOMAIN.COM with your actual domain. For example, if your domain is acme.com, it would be https://app.eraser.io/auth/callback/acme.com
    2. Audience URI (SP Entity ID):** **https://app.eraser.io
  2. Make sure the following fields are correct:
    1. "Name ID format" is set to "Unspecified"
    2. "Application username" is set to "Okta username"
    3. Update application username on" is set to "Create and update"

Screenshot 2024-08-09 at 12.52.23 PM.png


  1. Scroll down and click "Next", you'll see a questionnaire for Okta answering it is optional. Click "Finish" for the next step

Screenshot 2024-08-09 at 12.54.59 PM.png

  1. Scroll down and click on "More Details"

Screenshot 2024-08-09 at 11.35.08 AM.png


How to enable SSO in Eraser from Okta

  1. In Eraser Under Settings > Team Settings , find the SAML SSO toggle and turn it on. Note that this toggle will only be available if you're on a Business Plan or Enterprise Plan.Verified Domain and Entity ID should already be filled out.

  2. Copy "Sign on URL" from the Sign on page in Okta and paste it into in the "SAML Sign-In URL" field in the Eraser SAML SSO settings page .

  3. Copy "Issuer" from the Sign on page in Okta and paste it into in the "Identity Provider Issuer" field in the Eraser SAML SSO settings page .

  1. Download the Signing Certificate. Click the download button. Open the downloaded file in a text editor and copy the text content of the file.

  2. Paste the certificate content copied from the previous step into the "Key x509 Certificate" field in the Eraser SAML SSO settings page .

  3. Press "save"


How to add users on Okta

Note that in order to grant a user access to Eraser, the user must be BOTH granted access to Eraser in Okta AND sent a team invite in Eraser.

  1. In Okta click on the "Assignments" tab

  2. Click "Assign" and select "Assign to People"

  3. Find the individual you'd like to add and click "Assign"

  4. Confirm the new individuals username and click "Save and Go Back". You can select more individuals to add or if you are done you can click "Done"

How to send a team invite in Eraser

Note that in order to grant a user access to Eraser, the user must be BOTH granted access to Eraser on your SSO platform (i.e. Microsoft Entra or Okta) AND sent a team invite in Eraser.

  1. Open Settings > Team Members.
  1. Invite users as necessary.
    1. An invite email will be sent to the user to join the team.
    2. Note that the team will be billed for each team member.

Updated 3 months ago