Frontend / Backend Single Sign On SAML

Compatible With: Community 2.1, 2.2, 2.3

Tech Specifications

Current Version:
Stable Build
06 March, 2019
Extensions, Payments & Security
License Type:


Interoperate with any SAML Identity Provider (OneLogin, Okta, Ping, ADFS, Salesforce). Enable SSO, SLO, provisioning for M2 customers/admins

Other Extensions by SAML Integrations


Back to top

Add SAML Single Sign-On support to the customer login page or/and to the backend login page for Magento2. If you are working with a partner that has implemented a SAML (Security Assertion Markup Language) identity provider, you can use this extension to interoperate with it, thereby enabling SSO for customers. It works with any IDP providers, including OneLogin, Okta, Ping Identity, ADFS, Salesforce, SharePoint. The module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. Customers are happy with the SAML extension I made and with the support received. Companies like Cisco, Erickson, Toyota, Hilton, PWC trusted in the SAML extension.

The extension adds a link, "Login via Identity provider" to the customer login form or/and to the backend login page.. Following this links initiates series of redirects that are described by SAML 2.0 standard

Customer authenticates against the SAML Identity Provider and then information about user, group and address is sent to Magento. Magento authenticate customer and let him in. 
Similar happens with users on the backend.

Other usages

Extension supports IdP-Initiated so a SAML Response can be directly processed by the Magento instance.


  • Allow to Login via any Identity Provider.

  • Easily switch On/Off the SAML Module.

  • Supports Single Sign On (IdP and SP initiated)

  • Supports Single Log Out (IdP and SP initiated)

  • Supports Just-In-Time Provisioning (user data + group + address)

  • Possibly set the mapping between IdP fields and Magento fields.

  • Customizable workflow.

  • Supports Magento Multi-stores.

  • Documented settings


Install the package using Magento Connect. 


The Settings of the extension are available at Stores > Configuration. At the Services tab, the "SAML SSO for customers" link.

There you will be able to fill several sections:

  • Status. To enable or disable the extension.

  • Identity Provider. Set parameters related to the IdP that will be connected with our Magento.

  • Options. The behavior of the extension.

  • Attribute Mapping. Set the mapping between IdP fields and Magento user fields.

  • Group Mapping. Set the mapping between IdP groups and Magento groups.

  • Address Mapping. Set the mapping between IdP fields and Magento address fields.

  • Custom messages. To handle what messages are showed in the login form.

  • Advanced settings. Handle some other parameters related to customizations and security issues.

The metadata of the Magento Service Provider will be available at http:///sso/saml/metadata

The Setting for the backend are available at Stores > Configuration. At the Services tab, the "SAML SSO for admins (backend)" link. The sections are quite similar than the one described previously. The metadata of the Magento Service Provider for the backend will be available at http:///sso/saml2/backendmetadata

At the Status section you are asked for a license key. Use the Order ID of your magento marketplace’s purchase.


Support by email guaranteed. Get a reply in less than 48hr (business days).

License warning

When you purchase the extension, you are able to use it at one M2 instance.

In case of M2 running multi-sites, the license cover 3 stores using SAML SSO. If you require more stores, contact to discuss the terms.

Test and developer environments can use the extension without require an additional license

Release Notes

Back to top


  • Compatible with CE: 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Require php-saml > 3.0.0
    - Supports Magento 2.1, 2.2, 2.3
    - Support muliple IdP x509 certs.
    - Support multiple custom fields.


  • Compatible with CE: 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Require php-saml < 3.0.0
    - Add a more detailed description of what customer/user data is updated when that option is enabled. Update mail if custom attribute defined as the way to identify customer
    - Improve the feature of disabling email notification on new accounts
    - Make processAttrs public. Fix updateCustomer parameter bug. Add support for custom attributes


  • Compatible with CE: 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Be able to send AuthNRequest with POST Binding.
    - New settings: Digest Algorithm and Lower Case URL Encoding.
    - Fix bug of view/frontend/layout/customer_account_login.xml file that affects Magento 2.2 and greater.
    - Code improvement.


  • Compatible with CE: 2.1
  • Stability: Stable Build
  • Description:

    First version of the SAML extension with support for front-end and back-end.


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top