Can't find ACS URL for SSO Setup

Follow

Issue

I'm trying to set up SSO, but my IdP is asking for an ACS URL, and I can't find it in Uberflip.

  • Can't find ACS URL
  • Where do I find the Single sign on URL
  • Problem with SSO setup

 

Conditions

  • User is trying to set up SSO by uploading Identity Provider Settings using an XML metadata file
  • User can't export XML metadata file from IdP because of missing ACS URL
  • User can't find necessary ACS URL in Uberflip
  • Where: Uberflip SSO Setup (Identity Provider Settings)
  • Who: Any Primary User with access to the Security section under Uberflip Account Settings
  • When: While trying to configure IdP settings to enable SSO
  • Any browser
  • Any operating system

 

Cause

To set up SSO with Uberflip, you can use an XML metadata file generated by your Identity Provider (IdP). Some IdPs (e.g. Okta) require you to enter an ACS URL (also called a "Single sign on URL" or similar) provided by Uberflip before they will generate this XML file.

The reason the ACS URL is not provided in Uberflip is because it is dynamic: the ACS URL is generated as part of setting up SSO, so it not available before you set up SSO. This leads to a circular situation where you need the XML file to get the ACS URL, but need the ACS URL to get the XML file.

 

Steps to Fix

Use the following workaround to resolve this issue:

  1. In your IdP, go through the process of setting up Uberflip as a new site on which you will use SSO (with SAML).
  2. When you are asked to enter Uberflip's ACS URL, type in a placeholder value for now.
    • For example, you can use https://app.uberflip.com/sso/saml2/placeholder
    • The real ACS URL will be in the format https://app.uberflip.com/sso/saml2/12345/123456
  3. Complete the setup process and generate the XML metadata file in your IdP.
  4. Use the XML metadata file to complete the SSO setup process in Uberflip.
  5. Once the SSO setup process is complete, return to Account Settings > Identity Provider Settings in Uberflip and click on the Edit (pencil) button next to the IdP you just set up.
  6. In the Edit Identity Provider Settings screen that appears, make sure you're on the Basic IdP Settings tab, then scroll down to the ACS URL field and copy the value:
    Security___Identity_Provider___Edit_Settings_-_Uberflip.png
  7. Finally, return to your IdP and open the SSO profile you created for Uberflip. Replace the placeholder value you entered earlier with the real ACS URL you copied.
    • In general, you should not need to re-generate the XML metadata file.
1 out of 1 found this helpful