Generic SAML SSO Configuration

Configure your SAML identity provider with the following values:

Entity ID / Identifier

Use this value for the Entity ID, Identifier, or Audience URI field in your identity provider:

Reply URL / ACS URL

Use this value for the Reply URL, Assertion Consumer Service (ACS) URL, or Single Sign-On URL field in your identity provider:

Name ID (Unique User Identifier)

The Name ID should be set to a persistent, system-generated identifier such as the user's Object ID or internal user ID from your identity provider. This ensures that each user has a stable identifier that will never change — even if their name, email, or other details are updated.

Set the Name ID format to Persistent.

Required Attributes

Configure your identity provider to send the following user attributes in the SAML assertion. These attributes allow Atticus to identify and authenticate users properly:

Attribute Name	Description
email	User's email address
first	User's first name / given name
last	User's last name / surname

The exact field names in your identity provider may vary. Common mappings include:

• Email: user.email, user.mail, or user.userprincipalname
• First Name: user.firstName, user.givenname, or user.givenName
• Last Name: user.lastName, user.surname, or user.sn

Optional Attributes

If you would like to send an Employee ID, Salary ID, or other organisational identifier to Atticus, you can include it as an additional attribute claim:

Attribute Name	Description
employeeId	Employee ID or other organisational identifier

Consult with your Atticus account manager if you would like to include additional identifiers.

After configuring your identity provider, you'll need to share the SAML metadata with Atticus. This can typically be provided as:

• A Metadata URL that Atticus can fetch automatically
• A Metadata XML file that you download and send to Atticus

Send the metadata URL or XML file to your Atticus account manager or the Atticus platform team to complete the integration.