
Generic SAML / OpenID SSO Setup

Configure Generic SAML or OpenID SSO in Yoffix


Yoffix supports Single Sign-On (SSO) using standard authentication protocols:

  • SAML 2.0

  • OpenID Connect (OIDC)

This allows you to connect Yoffix with any compatible Identity Provider (IdP) that supports SAML or OpenID Connect.

For other supported SSO providers, please see the dedicated pages.

All SSO configuration in Yoffix is available under:

Settings → SSO

Before You Start

You must first create a SAML or OpenID application in your Identity Provider.

Yoffix acts as the Service Provider (SP).
Your identity system acts as the Identity Provider (IdP).

Option 1: Configure SAML SSO

Step 1: Create a SAML Application in Your IdP

In your Identity Provider:

  • Create a new SAML 2.0 application

  • Set the following values:

Assertion Consumer Service (ACS) URL:
https://api.app.yoffix.com/sso/saml/assert

Entity ID (Audience / Identifier):
https://api.app.yoffix.com/sso/saml/metadata

Your IdP will generate:

  • SAML Sign-in URL

  • X.509 Certificate

You will need both for the Yoffix setup.

Step 2: Configure SAML in Yoffix

  1. Go to Settings → SSO

  2. Select SAML from the dropdown

  3. Enter:

  • SAML Sign-in URL

  • X.509 Certificate

Step 3: Define Allowed Email Domains

Add up to 10 email domains.

Example:
If your company emails are name@company.com, add:

company.com

Only users whose email address belongs to one of the configured domains will be allowed to authenticate via SSO.

Option 2: Configure OpenID Connect (OIDC)

If your Identity Provider supports OpenID Connect:

  1. Create an OpenID Connect application in your IdP.

  2. Configure redirect and authentication settings according to your provider.

  3. Select OpenID Connect in Yoffix under:

Settings → SSO

  4. Enter the required OpenID configuration details provided by your IdP.

The exact fields depend on your Identity Provider.

Attribute Requirements (SAML)

When using SAML, your IdP must provide the following user attributes:

  • email

  • first_name

  • last_name

Attribute names are case sensitive.
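Before rolling SSO out, you can check a test assertion from your IdP against the values on this page. The script below is an added example, not Yoffix code: it inspects a decoded assertion for the Entity ID, the ACS URL, the three required attribute names (exact case) and an allowed email domain. The sample assertion is constructed, the function name is hypothetical, the placement of the URLs in Audience and Recipient follows standard SAML 2.0, and the case-insensitive domain comparison is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://api.app.yoffix.com/sso/saml/assert"      # from this page
ENTITY_ID = "https://api.app.yoffix.com/sso/saml/metadata"  # from this page
REQUIRED_ATTRS = ("email", "first_name", "last_name")       # names are case sensitive

# Constructed sample: unsigned, and the IdP sends "Email" instead of "email".
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://api.app.yoffix.com/sso/saml/assert"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://api.app.yoffix.com/sso/saml/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>name@company.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, allowed_domains):
    """List configuration problems in a decoded assertion (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not include {ENTITY_ID}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} is not the ACS URL {ACS_URL}")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            near = [n for n in attrs if n and n != name and n.lower() == name]
            hint = f" (IdP sends '{near[0]}', wrong case)" if near else ""
            problems.append(f"missing attribute '{name}'{hint}")
    email = attrs.get("email", "")
    domain = email.rpartition("@")[2].lower()  # assumption: domains compared case-insensitively
    if email and domain not in {d.lower() for d in allowed_domains}:
        problems.append(f"email domain '{domain}' is not in the allowed list")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ["company.com"]))
```

Run it only on test assertions captured from your own IdP; it reads the attribute mapping and does not validate the signature against the X.509 certificate.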

Assign Users in Your Identity Provider

Only users assigned to the Yoffix application in your IdP will be able to authenticate via SSO.

Why Use Generic SAML / OpenID SSO?

Using SSO ensures:

  • Centralized authentication

  • No separate Yoffix passwords

  • Controlled access via your identity provider

  • Secure login based on industry standards

Important Note

If you are using:

Please refer to the dedicated setup guides for those providers.

If you're still experiencing issues, contact Yoffix support at support@yoffix.com — our team will assist you.