Safeguard.sh Documentation Center
SSO AuthenticationSAML 2.0

SailPoint IdentityNow

Configure SailPoint IdentityNow as a SAML 2.0 identity provider for Safeguard.

SailPoint IdentityNow

  1. In SailPoint IdentityNow, go to Admin → Connections → Applications → Add Web App → "Connect a SAML app you've already set up."
  2. Under Sign-On, set ACS URL to the ACS URL Safeguard shows after Save and Audience/SP Entity ID to the SP Entity ID Safeguard shows after Save.
  3. Set Application username / NameID format to Email.
  4. Under Attribute Mapping, add an outgoing attribute named email sourced from the identity's email — separate from the Application username/NameID setting above.
  5. Copy the IdP SSO URL, Issuer, and download the certificate from the app's Sign-On tab.
  6. In Safeguard, click Add Provider → SAML 2.0 → SailPoint IdentityNow, and enter those three values.
  7. Provision the application to the identities/roles that need access.
  8. Click Test in Safeguard to confirm.

Common errors: "Access Denied" at IdentityNow means the app was created but never provisioned to the identity/role attempting to sign in.

On this page