Skip to main content

Overview

The SAML connector lets your team sign in to Go Autonomous through your existing identity provider (IdP) — for example, Microsoft Entra, Okta, or any other SAML 2.0–compliant provider. Once configured, users authenticate against the IdP instead of managing a separate Go Autonomous password. Use the SAML connector when you want to:
  • Centralise authentication for Go Autonomous through your IdP.
  • Enforce your organisation’s existing sign-in policies (MFA, conditional access, session lifetimes).
  • Pair SSO with SCIM to fully automate user provisioning and access.
SAML controls how users sign in. To also sync users and group membership automatically, set up SCIM alongside the SAML connector.

Before you start

You’ll need the following from your identity provider:
  • The federation metadata XML for the Go Autonomous application — or, individually, the x509 signing certificate and the single sign-out endpoint URL.
  • The list of authorized request origin URLs that the IdP will redirect to (typically your Go Autonomous tenant URL).

Configure a SAML connector

1

Open Connectors

Navigate to Administration > Company Settings > Connectors.
2

Add a new SAML connector

Find SAML in the available connectors list and click it. The configuration dialog opens.
3

Name the connector

Give the connector a clear name (e.g., “Entra SSO” or “Okta Production”). The name is used internally to identify this configuration.
4

Provide identity provider details

Use the Federation Metadata tab to configure the connector. You have two options:
  • Upload the federation metadata XML — drop the metadata file your IdP generated for the Go Autonomous application. The x509 certificate and single sign-out endpoint URL are filled in automatically.
  • Enter values manually — paste the x509 certificate and the single sign-out endpoint URL into the fields directly.
5

Add authorized request origin URLs

Add the origin URLs your IdP is allowed to redirect to after authentication. Use Add another URL to add more than one entry (for example, if you use multiple Go Autonomous environments).
6

(Advanced) Customise the lambda handler

Switch to the Lambda Handler tab if you need to customise how the SAML response is processed — for example, to map custom claims onto Go Autonomous user attributes. A default handler is provided and works for most setups.
7

Configure

Click Configure to save the connector. The connector appears in the Active Connectors section and is ready to be used for sign-in.

Manage an existing SAML connector

From the Active Connectors section you can:
  • View the current configuration (certificate, endpoint, origin URLs, lambda).
  • Edit the connector when your IdP rotates its signing certificate or you change the sign-out endpoint. Re-upload the metadata XML to refresh the certificate and endpoint in one step.
  • Delete the connector to remove SSO for this tenant.
Editing the SAML connector immediately affects sign-in for everyone in the tenant. Coordinate with your IT team before rotating certificates or changing origin URLs.

What’s next