Edit Your SAML SSO Settings

If your organization is already using a SAML-based identity provider (IdP) in Calibo Accelerate and you need to update the configuration—for example, to rotate certificates, change endpoint URLs, or update attribute mappings—you can do so by following these steps:

Note:

Only platform administrators or users with appropriate permissions can edit SSO settings.

When to Use the Edit Option

Use the Edit option if:

  • Your IdP's certificate is about to expire or has changed.

  • Your IdP endpoints (SSO URL or SLO URL) have been updated.

  • You need to change or correct attribute mappings or metadata configurations.

  • You want to switch the configuration method (for example, from manual entry to metadata file import).

Note:

To switch to a completely different IdP provider, use the Change Provider option instead.

Prerequisites

Before editing an existing SAML-based SSO configuration, ensure the following prerequisites are met:

  • Updated Metadata or IdP Parameters

    You must have the latest SSO details from your Identity Provider (IdP), depending on the method you use to edit your configuration:

    • Updated Single Sign-on URL

    • Updated Single Logout URL (optional)

    • Updated X.509 Signing Certificate

    • OR updated metadata URL / metadata XML file

    Ensure these values match the changes you have made in your IdP.

  • Attribute Mapping Configuration Remains Valid

    Calibo relies on specific user attributes in the SAML assertion to identify and authenticate users.

    Before editing the configuration, verify that:

    • Your IdP still sends the required attributes in the SAML response

    • No attribute names, formats, or claim mappings have changed

    • Your IdP is still configured to pass the expected NameID and user attributes

    Mandatory Attribute: email → Used to identify and authenticate the user

    Recommended Attributes:

    • firstName

    • lastName

    If your IdP recently changed attribute names, schemas, or claim rules, update and re-export the metadata or adjust manual settings accordingly before editing SSO in Calibo Accelerate.

  • Administrative Access to Your Identity Provider (IdP)

    You must have permission to:

    • Download metadata or view SAML configuration

    • Update the trust relationship using Calibo metadata after editing

    • Confirm certificate validity or upload new certificates

  • Existing Users in IdP

    Make sure the users associated with Calibo Accelerate exist in the IdP and have valid email addresses mapped to the configured domain.

  • IdP Trust Ready for Re-validation

    After editing SSO settings, you will need to:

    • Update or confirm the trust relationship in your IdP using Calibo metadata

    • Validate the updated configuration by performing an SSO login.

    Ensure your IdP environment supports this process (for example, metadata upload enabled, certificate rotation policies followed).

Steps to Edit SSO Settings

To edit your SAML SSO configuration, do the following:

  1. Go to Platform Setup > Security & SSO.

  2. In the Configured Identity Provider section, you will see your existing SAML SSO configuration.

  3. In the SAML SSO configuration card, click the ellipsis (⋯) and select Edit.

  4. The following confirmation message appears. Click Proceed to continue.

    Confirmation message before editing Azure AD SSO configuration

  5. On the Edit Single Sign-On screen, your existing SAML SSO configuration is displayed. You can review or edit the values as mentioned in the following steps:

    1. Configured Domain

    When you edit SAML configuration, the domain field is auto-populated with the domain that was used in your previous configuration.

    You cannot edit this field — Calibo enforces the same domain to ensure continuity of user identity mapping.

    Select the following checkbox:

    Auto-populated domain field and domain confirmation check box

    2. Review and Copy Calibo’s Service Provider Details

    These are pre-filled but should be reviewed and, if necessary, updated in your IdP:

    • Assertion Consumer Service (ACS) URL

      The endpoint in Calibo Accelerate that receives authentication responses (SAML assertions) from your IdP after a user successfully signs in.

      Example:

      https://accelerate-dis.calibo.com/auth/realms/<TenantID>/broker/saml/endpoint

    • Entity ID

      A unique identifier for Calibo Accelerate as the Service Provider. It tells the IdP which application is requesting authentication.

      Example:

      https://accelerate-dis.calibo.com/auth/realms/<TenantID>

      You can either copy these URLs and paste them into your IdP configuration manually or download the metadata file and import it directly into your IdP to simplify setup.

      Service provider metadata for IdP application

      Tip:

      Using the metadata file is the recommended approach as it reduces manual entry errors and ensures consistency during certificate rotation.

    3. Select a Configuration Method to Edit SAML Details

    You can edit the SAML SSO using any of the following three options, depending on how your IdP manages metadata and endpoints.

    Option A — Configure Manually

    Select this method if you prefer to enter the required IdP details directly into Calibo Accelerate. Update the following details:

    • Single Sign-On (SSO) URL – The endpoint in your IdP where users are redirected for authentication.

    • Single Logout (SLO) URL (optional) – The endpoint in your IdP for handling logout requests.

    • Signing Certificate – The X.509 certificate your IdP uses to sign SAML assertions. This must be kept up to date. If your IdP rotates certificates periodically, plan to update this certificate in Calibo Accelerate accordingly.

    Entering SAML details manuallyl

    Use this method when your IdP doesn’t expose a metadata file or URL or when your security policy requires manual configuration.

    Option B — Import from URL

    Select this method if your IdP provides a metadata URL that hosts the configuration details required for SSO integration.

    1. Enter the following details:

      • IdP Metadata URL – The URL where your IdP hosts its SAML metadata XML. Calibo will automatically import all key information such as SSO URL, certificate, issuer, and supported bindings.

    2. Click Import.

      Enter IdP metadata URL and import SAML details

      Calibo Accelerate connects to the provided URL and automatically imports the required details from your IdP metadata.

    This method minimizes manual effort and automatically reflects certificate or endpoint updates from your IdP.

    Option C — Import from Metadata File

    Select this method if your IdP allows you to export its SAML metadata file (usually an .xml file) that contains all configuration details.

    Do the following:

    1. Upload IdP Metadata File

      Upload the metadata XML file exported from your IdP. Do one of the following:

      • Drag and drop your metadata XML file into the drop zone.

      • Click Browse this computer to select the metadata XML file manually.

    2. Click Import

      After the file is uploaded, click Import.

      Upload IdP metadata fileto fetch SAML details

    3. Calibo Accelerate reads and parses the XML file to automatically import the following configuration details:

      • Single Sign-on (SSO) URL – The endpoint for user authentication requests.

      • Single Logout (SLO) URL – The endpoint for logout requests (if provided by your IdP).

      • X.509 Certificate – The public certificate used by your IdP to sign authentication assertions.

      Tip:

      • Ensure the metadata XML file is generated directly from your IdP without manual edits.

      • Whenever your IdP rotates certificates or updates SSO endpoints, download the new metadata XML and re-import it here to maintain SSO continuity.

    This method is recommended for restricted or on-premise environments where direct metadata URLs are not accessible.

    Tip:

    Regardless of which method you choose, always verify that the IdP configuration includes:

    • The correct ACS URL and Entity ID as provided by Calibo.

    • Signed Assertions enabled in your IdP.

    • email as the NameID format or attribute for consistent user identification.

Click Previous to return to the previous screen.

Click Next to proceed.

Click Cancel and then, in the confirmation message, click Yes to discard your unsaved identity provider configuration changes and go back to the previous screen.

4. Establish Trust with Your IdP

After configuration is complete, download the Calibo Metadata XML file and use it to update the trust configuration in your IdP.

Download metadata XML file to create trust relationship between Calibo and IdP

This step allows your IdP to recognize Calibo Accelerate as a valid Service Provider for authentication.

5. Validate Single Sign-On

  1. After you establish the trust relationship for Calibo Accelerate successfully, on the screen from where you downloaded the federation metadata XML file, in the Validate Single Sign-On section, click Validate.

  2. This takes you to the Calibo Accelerate sign-in screen. Use SSO credentials for user authentication. After a successful authentication redirection and SSO validation, the following success message is displayed.

    SSO validation successful for Calibo Accelerate Platform

  3. Return to the SSO configuration screen and click the Refresh icon to complete your SSO configuration.

    Click Refresh to complete SSO configuration

  4. After you see the message confirming that your SSO validation is successful, click Finish to complete the configuration.

    Click Finish to complete configuration in F24H Wizard

After you click Finish, your current session will automatically end. You will be logged out of the platform and will need to sign in again using your updated SAML credentials.