Single Sign On SAML (frontend)

Compatible With: Community 2.0, 2.1, 2.2, 2.3

Tech Specifications

Current Version:
Stable Build
06 March, 2019
Extensions, Payments & Security, Fraud
License Type:


Add SAML Single Sign-On support for customers for Magento 2. You can use this extension to interoperate with it any SAML Identity Provider

Other Extensions by SAML Integrations


Back to top

Add SAML Single Sign-On support to the customer login page or/and to the backend login page for Magento2. If you are working with a partner that has implemented a SAML (Security Assertion Markup Language) identity provider, you can use this extension to interoperate with it, thereby enabling SSO for customers. It works with any IDP providers, including OneLogin, Okta, Ping Identity, ADFS, Salesforce, SharePoint. The module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. Customers are happy with the SAML extension I made and with the support received. Companies like Cisco, Erickson, Toyota, Hilton, PWC trusted in the SAML extension.

The extension adds a link, "Login via Identity provider" to the customer login form or/and to the backend login page. Following this links initiates series of redirects that are described by SAML 2.0 standard

Customer authenticates against the SAML Identity Provider and then information about the user, group and address are sent to Magento. Magento authenticates the customer and lets him in.

Other Uses

The extension supports IdP-Initiated so a SAML Response can be directly processed by the Magento instance.


  • Allow to Login via any Identity Provider.

  • Easily switch On/Off the SAML Module.

  • Supports Single Sign-On (IdP and SP-initiated)

  • Supports Single Log Out (IdP and SP-initiated)

  • Supports Just-In-Time Provisioning (user data + group + address)

  • Possibly set the mapping between IdP fields and Magento fields.

  • Customizable workflow.

  • Supports Magento Multi-stores.

  • Documented settings



The Settings of the extension are available at Stores > Configuration. At the Services tab, the "SAML SSO for customers" link.

There you will be able to fill several sections:

  • Status. To enable or disable the extension.

  • Identity Provider. Set parameters related to the IdP that will be connected with our Magento.

  • Options. The behavior of the extension.

  • Attribute Mapping. Set the mapping between IdP fields and Magento user fields.

  • Group Mapping. Set the mapping between IdP groups and Magento groups.

  • Address Mapping. Set the mapping between IdP fields and Magento address fields.

  • Custom messages. To handle what messages are shown on the login form.

  • Advanced settings. Handle some other parameters related to customizations and security issues.

The metadata of the Magento Service Provider will be available at http:/ (magento_base_url) //sso/saml/metadata 

At the Status section, you are asked for a license key. Use the Order ID of your Magento marketplace’s purchase so I will be able to identify you.



Support by email guaranteed. Get a reply in less than 48hr (business days).

License warning

When you purchase the extension, you can use it at one M2 instance. Use as License Key the Order ID of the purchase.

In case of M2 running multi-sites, the license cover 3 stores using SAML SSO. If you require more stores, contact to discuss the terms.

Test and developer environments can use the extension without requiring an additional license


Release Notes

Back to top


  • Compatible with CE: 2.0 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Require php-saml > 3.0.0
    - Supports Magento 2.0, 2.1, 2.2, 2.3
    - Support muliple IdP x509 certs.
    - Support multiple custom fields.


  • Compatible with CE: 2.0 2.1 2.2
  • Stability: Beta Build
  • Description:

    - Require php-saml < 3.0.0
    - Add a more detailed description of what customer/user data is updated when that option is enabled. Update mail if custom attribute defined as the way to identify customer
    - Improve the feature of disabling email notification on new accounts
    - Make processAttrs public. Fix updateCustomer parameter bug. Add support for custom attributes


  • Compatible with CE: 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Fix metadata url of the Status section for multi-stores.
    - Update php-saml version


  • Compatible with CE: 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Add SSO on user backend login
    - Add support to nameIDFormat on LogoutRequests


  • Compatible with CE: 2.0
  • Stability: Stable Build
  • Description:

    - Fixed a minor issue on etc/adminhtml/system.xml file where there was a typo.
    - Update php-saml library (2.10.1)
    - Fixed address provisioning process.
    - Code clean to pass M2 codestyle.


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top