You can use any Identity Provider that supports the SAML 2.0 protocol to authenticate users via single sign-on (SSO) on Mailtrap.
Mailtrap automatically creates users using just-in-time provisioning when a user logs in with Mailtrap SSO.
Note: SSO is available only for users on Enterprise plans.
How to enable SAML SSO on Mailtrap
Only the Account Owner can enable or disable SAML on an account.
To enable the SAML configuration for a Mailtrap account, go to User Management > Account settings or open the SSO tab, then add or edit the SAML configuration.
Step 1: Add and verify the domain:
- Enter your domain in the Domain field and click the Add domain button.
- In the displayed table you will find the record and its value generated by Mailtrap.
- Go to your domain settings page, select Manage DNS, and choose TXT from the list of options (for details, consult your domain provider documentation).
- Copy the authentication key generated by Mailtrap from the Value column and paste it into your TXT record.
- Once completed, go back to Mailtrap and click the Verify button for this domain. The status should change to Active.
Step 2: Mailtrap —> Identity Provider
You’ll need to provide the following to Mailtrap from your Identity Provider:
- IdP Entity ID (Identity Provider Issuer)
- Single Sign-on URL
- Optional: Single Logout Service (SLO) URL
- X509 Certificate
Step 3: Identity Provider —> Mailtrap
You’ll need to provide the following SAML Provider details to your Identity Provider from Mailtrap:
- Entity ID
- Assertion Consumer Service URL
- Single Logout Service URL
Step 4: Role mapping
By default, users created in Mailtrap via SSO have roles with empty permissions, so they cannot View or Edit any projects or inboxes. In this case, you can assign permissions manually within Mailtrap User Management.
To map your IdP roles to roles in Mailtrap, create a mapping in the SAML Role Mapping section in Mailtrap.
In the example above, a user with the IdP attribute “UserGroupMaitrap” that has the name “MailtrapAdmin” (which should be configured as Attributes on the IdP side) should be assigned to the “Admin” role in Mailtrap.
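An added example, not Mailtrap's code: a small Python check to run on a decoded test assertion from your IdP, confirming that it emits the attribute and value your SAML Role Mapping expects before users start logging in with empty permissions. The mapping table, the sample assertion, and the exact case-sensitive comparison are assumptions made for illustration; signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed mapping mirroring the page's example:
# (IdP attribute name, attribute value) -> Mailtrap role.
ROLE_MAPPING = {("UserGroupMaitrap", "MailtrapAdmin"): "Admin"}
NO_ROLE = None  # per the page, unmapped SSO users get a role with empty permissions

# Constructed sample AttributeStatement; issuer, subject and signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="UserGroupMaitrap">
      <saml:AttributeValue>MailtrapAdmin</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>QA</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml):
    """Return {attribute name: [values]} from a decoded SAML 2.0 assertion."""
    # SAML assertions never need a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTDs are not expected in SAML assertions")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve_role(attrs, mapping=ROLE_MAPPING):
    """Return the mapped role, or NO_ROLE when no (name, value) pair matches.

    Assumption: names and values are compared exactly (case-sensitive).
    """
    for (name, value), role in mapping.items():
        if value in attrs.get(name, []):
            return role
    return NO_ROLE


if __name__ == "__main__":
    attrs = extract_attributes(SAMPLE_ASSERTION)
    print(attrs, "->", resolve_role(attrs))
```

A result of `None` for a test user means the IdP is not sending the attribute name or value the mapping expects, so that user would land in Mailtrap with no access to projects or inboxes.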