SSO Guide

You can use any Identity Provider that supports the SAML 2.0 protocol in order to authenticate users via single sign-on(SSO) on Mailtrap.

Mailtrap automatically creates users using just-in-time provisioning when a user logs in with Mailtrap SSO.
Note: SSO is available only for users on Enterprise plans.

How to enable SAML SSO in Mailtrap

Only the Account Owner has access to enable/disable SAML on an account.

In order to enable the SAML configuration for the Mailtrap account - go to  User Management  > Account settings or open the SSO tab ( link) and add/edit the SAML configuration.

Step 1: Add and verify the domain:

  1. Enter your domain in the Domain field and click the Add Domain button.
  2. In the displayed table, you will find the record and its value generated by Mailtrap.
  3. Go to your domain settings page, select Manage DNS, and choose TXT from the list of options (for details, consult your domain provider documentation).
  4. Copy the authentication key generated by Mailtrap from the Value column and paste it to your TXT record.
  5. Once completed, get back to Mailtrap and click the Verify button for this domain. The status should change to Active.

Step2: Mailtrap —> Identity Provider

You’ll need to provide the following to Mailtrap from your Identity Provider:

  • IdP Entity ID (Identity Provider Issuer)
  • Single Sign-on URL
  • Optional: Single Logout Service (SLO) URL
  • X509 Certificate

Step 3: Identity Provider —> Mailtrap

You’ll need to provide the following SAML Provider details to your Identity Provider from Mailtrap:

  • Entity ID
  • Assertion Consumer Service URL
  • Single Logout Service URL

Step 4: Role mapping

By default, users created in Mailtrap via SSO have roles with empty permission, so users cannot View or Edit any projects or inboxes. In this case, you can assign permissions manually within Mailtrap User Management.
To map your IdP roles to roles in Mailtrap, you need to create a mapping in the SAML Role Mapping section in Mailtrap.
In the example above, a user with the IdP attribute “MailtrapRole” and the name “admin” (which should be configured as Attributes on the IdP side) should be assigned the “Admin” role in Mailtrap. 
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us