SSO AuthenticationSAML 2.0
SailPoint IdentityNow
Configure SailPoint IdentityNow as a SAML 2.0 identity provider for Safeguard.
SailPoint IdentityNow
- In SailPoint IdentityNow, go to Admin → Connections → Applications → Add Web App → "Connect a SAML app you've already set up."
- Under Sign-On, set ACS URL to the ACS URL Safeguard shows after Save and Audience/SP Entity ID to the SP Entity ID Safeguard shows after Save.
- Set Application username / NameID format to Email.
- Under Attribute Mapping, add an outgoing attribute named
emailsourced from the identity's email — separate from the Application username/NameID setting above. - Copy the IdP SSO URL, Issuer, and download the certificate from the app's Sign-On tab.
- In Safeguard, click Add Provider → SAML 2.0 → SailPoint IdentityNow, and enter those three values.
- Provision the application to the identities/roles that need access.
- Click Test in Safeguard to confirm.
Common errors: "Access Denied" at IdentityNow means the app was created but never provisioned to the identity/role attempting to sign in.