Skip to main content
Streamline member management for your organization by integrating your third-party identity provider with VESSL through SAML Single Sign-On (SSO).

Prerequisites

VESSL supports integration with any identity provider that complies with the SAML 2.0 protocol. Below are some commonly used providers:

Important Notes:

  • VESSL’s Assertion Consumer Service (ACS) only supports HTTP-POST bindings.
  • The following SAML features are not supported by VESSL:
    • Identity Provider (IdP)-initiated SSO
    • Identity Provider (IdP)-initiated Single Logout (SLO)

VESSL Endpoints

You can also find this information on the SAML SSO Settings page.
For each organization, VESSL is using the following format for SAML service provider configuration. Be sure to replace {your-org-name} with your organization’s name in the following URLs:
  • SAML Entity ID (Metadata URL): https://app.vessl.ai/{your-org-name}/saml/metadata
  • Assertion Consumer Service (ACS) URL: https://app.vessl.ai/{your-org-name}/saml/acs
The metadata URL itself serves raw metadata XML, which may be required for certain identity providers during configuration.

Configuring Identity Provider

Choose the appropriate setup instructions based on your identity provider.
  • Microsoft Entra
  • AWS IAM Identity Center
  • Okta
  • Custom Identity Provider
1

Sign in to Microsoft Entra

Sign in to the Microsoft Entra admin center.
2

Create VESSL Application

Navigate to Enterprise applications using the search bar.Click + New Application, then select + Create your own application.Enter VESSL AI as the application name and ensure you select Non-gallery application. Click Create.
3

Add Users

After creating the application, you’ll be directed to the Overview page.Click on 1. Assign users and groups, then select + Add user.Add users who will use VESSL, then click Assign.
4

Setup SAML SSO

Return to the Overview page and click 2. Set up single sign-on. Select SAML as the sign-on method.In Basic SAML Configuration (Section 1), add the Identifier and Reply URL using the information from VESSL Endpoints, then click Save.
5

Copy Metadata URL

Copy the App Federation Metadata URL from Section 3. This will be needed in the next step.

Configuring VESSL

After completing the setup of your identity provider, use the interactive demo below to configure VESSL’s SAML SSO settings.
1

Open SAML SSO Settings

Open your organization SettingsSAML SSO.
2

Add SAML SSO

Click Add SAML SSO.
3

Fill in the details

Use the following values in the form:
FieldValue
Metadata XMLPaste contents of the downloaded IAM Identity Center metadata file
IdP User ID Attributeusername
IdP User Email Attributeemail

IdP Attributes

Identity providers (IdPs) use attributes to supply user ID and email information. VESSL requires these attributes to retrieve the corresponding user data during authentication. Ensure you configure the correct attribute names based on your identity provider. Refer to the details below to fill in the required fields:
  • Microsoft Entra
  • AWS IAM Identity Center
  • Okta
  • Custom Identity Provider
Use the following attribute names for Microsoft Entra:
  • IDP User ID Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • IDP User Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress