Papertrail supports single sign-on via SAML 2.0 integration. SAML (Security Assertion Markup Language) is an industry standard used to provide single sign-on (SSO) by authenticating against a particular identity provider (IdP). Users can log into their Active Directory domain or intranet and have immediate access to Papertrail.
When SSO is enabled, users must authenticate against the IdP. The exception is the owner, who can also log in with a service account.
Access to SAML is currently controlled by a feature flag. To begin, please email us at firstname.lastname@example.org.
This feature is only available to the account owner. It can be configured via the Security section under the Account page. To start configuring SAML, click the Enable SAML button.
It will open the SAML configuration page below.
To create a SAML configuration:
For a user to be able to use IdP-initiated login, set the NameID attribute to the user.email value. The user must be known to the provider and exist in Papertrail, Pingdom or AppOptics.
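When IdP-initiated login fails, the first thing to check is what the IdP actually sends as NameID. The following is an added example, not Papertrail code: it inspects a base64-encoded SAMLResponse captured from your own browser's login POST and reports NameID problems. The function name, the `known_emails` list and the sample response are assumptions made for illustration, and the script does not verify signatures.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample: a minimal, unsigned response for illustration only.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def check_name_id(saml_response_b64, known_emails):
    """Return a list of NameID problems; an empty list means it looks right.

    known_emails (hypothetical input): addresses of users that already
    exist in the account. Inspection only, no signature validation.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find("./saml:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted; decrypt it before inspecting"]
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return ["no NameID in the assertion subject"]
    value = node.text.strip()
    problems = []
    # An opaque or username-style NameID means user.email is not mapped.
    if not EMAIL_RE.match(value):
        problems.append(f"NameID {value!r} is not an email address")
    # The user must already exist on the service side as well.
    if value.lower() not in {e.lower() for e in known_emails}:
        problems.append(f"{value!r} is not an existing user")
    return problems


if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_XML.encode()).decode()
    print(check_name_id(encoded, ["alice@example.com"]) or "NameID looks correct")
```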
From this page, the owner can then:
If SAML integration is disabled, users who existed before SAML was enabled should use their original password. Users added via SAML will have to perform a password reset, because they will never have set a password.
The owner can invite new users known to the IdP into the SAML-enabled organization. Note that existing members cannot be invited.
This feature does not support the following:
The SSO login screen for Papertrail can be accessed from the standard login screen.
To log in, only the organization member’s email address is required.
Please note that SSO configuration can vary between Identity Providers. The following list provides links to the appropriate IdP documentation: