Single Sign-On (SSO) Self-Service

Prerequisites

  • Permissions: Accessing this feature requires an SSO License. Check with your CaliberMind Customer Success representative to see if SSO is available to your team.
  • Role: You must have administrative access to your organization’s Identity Provider (e.g., Okta).

How to Configure SSO

To get started, navigate to Settings > Access > SSO in the CaliberMind application.

1. Identity Provider Configuration (Our Details)

The left-hand panel contains the values your Identity Provider (IdP) needs in order to register CaliberMind as a Service Provider (SP). These are pre-populated for your organization:

  • Entity ID: The unique identifier for your CaliberMind instance.
  • Assertion Consumer Service (ACS) URL: The CaliberMind endpoint to which your IdP posts the signed SAML response after a user authenticates.
  • Download Metadata: Click the Download Metadata (XML) button to download these details in a standard format to upload directly to your IdP.

2. Connection Details (Your Details)

In the right-hand panel, you will provide the information from your IdP to CaliberMind.

  • Option A: Auto-Fill (Recommended). Click Auto-Fill From Metadata XML and upload the metadata XML file generated by your IdP. This automatically populates the Sign-In Endpoint and the X.509 Signing Certificate.
  • Option B: Manual Entry. If you do not have a metadata file, paste your IdP's Sign-In Endpoint and upload its X.509 Signing Certificate manually. The certificate is the IdP's public signing certificate, which CaliberMind uses to verify the signature on SAML responses; never upload a private key here.

3. Finalize and Enable

  • IdP-Initiated Login: Use the toggle if you want users to be able to launch CaliberMind directly from your IdP dashboard (such as the Okta dashboard). Leave it off unless you have read and accepted the risks described below.
  • Save: Click Update to activate the configuration.
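The following is an added example, not CaliberMind's code, showing what the Auto-Fill step in section 2 has to pull out of IdP metadata: the Sign-In Endpoint (the SingleSignOnService location) and the IdP's X.509 signing certificate. The metadata document, its entityID and its Location URLs are constructed samples, and the certificate body is a placeholder rather than a real certificate.

```python
"""Extract the Sign-In Endpoint and signing certificate from SAML IdP metadata.

Added example, not CaliberMind's code. SAMPLE_METADATA below is a constructed
sample with hypothetical entityID/Location values and a placeholder certificate.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Placeholder "certificate": a DER SEQUENCE header plus padding, enough to pass
# the shape check below without being a real certificate (constructed test data).
PLACEHOLDER_CERT_B64 = base64.b64encode(b"\x30\x82\x00\x10" + bytes(16)).decode()

# Constructed sample IdP metadata (hypothetical entityID and endpoint URLs).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://www.okta.com/exk_example">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          @@CERT@@
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exk_example/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/example/exk_example/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""".replace("@@CERT@@", PLACEHOLDER_CERT_B64)


def decode_certificate(b64_text: str) -> bytes:
    """Turn the X509Certificate element text into DER bytes.

    Metadata carries the bare base64 body with no PEM header lines, so pasted
    "-----BEGIN CERTIFICATE-----" lines or a truncated blob fail here. Only the
    outer DER SEQUENCE tag is checked; a full parse needs a library such as
    `cryptography`.
    """
    der = base64.b64decode("".join(b64_text.split()), validate=True)
    if not der.startswith(b"\x30"):
        raise ValueError("X509Certificate is not a DER-encoded certificate")
    return der


def parse_idp_metadata(xml_text: str) -> dict:
    """Return entity ID, Sign-In Endpoint and signing certificate(s) from IdP metadata.

    Metadata exported from your own IdP admin console is trusted input; if an
    upload can come from anyone, parse it with defusedxml instead of ElementTree.
    """
    root = ET.fromstring(xml_text)
    # Some IdPs wrap EntityDescriptor in an EntitiesDescriptor; unwrap the first one.
    if root.tag == "{%s}EntitiesDescriptor" % NS["md"]:
        root = root.find("md:EntityDescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS) if root is not None else None
    if idp is None:
        raise ValueError("no IDPSSODescriptor found (is this SP metadata rather than IdP metadata?)")

    # Sign-In Endpoint: prefer HTTP-Redirect (what an SP-initiated AuthnRequest uses), else POST.
    endpoints = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    sign_in = endpoints.get(HTTP_REDIRECT) or endpoints.get(HTTP_POST)
    if not sign_in or not sign_in.startswith("https://"):
        raise ValueError("no https SingleSignOnService endpoint in metadata")

    # Signing certificate(s): KeyDescriptor with use="signing", or no use attribute (means both).
    certs = [
        decode_certificate(c.text or "")
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use", "signing") == "signing"
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    ]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "sign_in_endpoint": sign_in, "signing_certs": certs}


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print(info["entity_id"], info["sign_in_endpoint"], len(info["signing_certs"]), "signing cert(s)")
```

If the auto-fill step ever leaves the certificate field empty, the KeyDescriptor branch above is the usual reason: some IdPs export the certificate with use="encryption" only, or export an EntitiesDescriptor wrapper, and the values then have to be entered manually (Option B).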

Risks of using an IdP-Initiated SSO flow

IdP-Initiated flows carry a security risk and are therefore NOT recommended. Make sure you understand the risks before enabling IdP-Initiated SSO.

In an IdP-initiated flow the Identity Provider sends a SAML response that nothing requested. Neither Auth0 (which receives the unsolicited response from the Identity Provider) nor the application (which receives the unsolicited response generated by Auth0) can verify that the user actually started the flow, because there is no outstanding authentication request to match the response against. Enabling this flow therefore opens the possibility of a login CSRF attack: an attacker who obtains a valid unsolicited response for their own account can deliver it to a victim's browser (for example with an auto-submitting form) and trick the victim into unknowingly logging into the application with the attacker's identity, so that data the victim then enters lands in the attacker's account.

The recommendation is to use SP-Initiated flows whenever possible. In an SP-initiated flow the application first issues an authentication request with a unique, unpredictable ID and accepts only a response whose InResponseTo attribute matches a request it issued for that browser session; a response that was never requested is rejected.
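The following is an added simulation, not CaliberMind's or Auth0's code, of the Service Provider side of both flows. It shows why an SP can verify an SP-initiated response (the InResponseTo attribute is matched against a request ID bound to the victim's browser session, single-use and time-limited) and why an unsolicited response cannot be tied to anything the user did, which is the gap the login CSRF attack exploits. Signature verification is assumed to have already succeeded (a real SP checks the IdP signature before reading any field); the responses and account names are constructed samples.

```python
"""SP-side handling of solicited vs. unsolicited SAML responses.

Added example modelling only the Service Provider's response handling; not
CaliberMind's or Auth0's code. Signature checks are assumed done elsewhere, and
the Response documents and account names below are constructed, unsigned samples.
"""
import secrets
import time
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def make_response(name_id: str, in_response_to: str = "") -> str:
    """Constructed Response document. Without InResponseTo it is unsolicited
    (IdP-initiated); with it, it answers an AuthnRequest the SP issued."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{secrets.token_hex(8)}" Version="2.0"{attr}>'
        f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
        f"<saml:Assertion><saml:Subject><saml:NameID>{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )


class ServiceProvider:
    """Tracks outstanding AuthnRequests per browser session and consumes responses."""

    def __init__(self, allow_idp_initiated: bool = False, request_ttl: float = 300):
        self.allow_idp_initiated = allow_idp_initiated
        self.request_ttl = request_ttl
        self.pending = {}  # AuthnRequest ID -> (issued_at, browser session)

    def start_login(self, session: str) -> str:
        """SP-initiated step 1: mint an unpredictable AuthnRequest ID, bind it to
        the browser session that asked, and remember it until the IdP answers."""
        request_id = "_" + secrets.token_hex(16)
        self.pending[request_id] = (time.time(), session)
        return request_id

    def consume_response(self, session: str, response_xml: str) -> str:
        """ACS endpoint logic: return the authenticated NameID or raise PermissionError."""
        root = ET.fromstring(response_xml)
        if root.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SUCCESS:
            raise PermissionError("IdP reported failure")
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # Unsolicited: nothing ties this response to anything this browser did.
            if not self.allow_idp_initiated:
                raise PermissionError("unsolicited response rejected")
        else:
            entry = self.pending.pop(in_response_to, None)  # single use
            if entry is None:
                raise PermissionError("InResponseTo does not match an outstanding request")
            issued_at, bound_session = entry
            if bound_session != session:
                raise PermissionError("response arrived in a different browser session")
            if time.time() - issued_at > self.request_ttl:
                raise PermissionError("AuthnRequest expired")
        return root.find("saml:Assertion/saml:Subject/saml:NameID", NS).text


def attempt(sp: ServiceProvider, session: str, response_xml: str) -> str:
    """Outcome of delivering a response to the SP within the given browser session."""
    try:
        return "logged in as " + sp.consume_response(session, response_xml)
    except PermissionError as exc:
        return "rejected: " + str(exc)


def run_scenarios() -> dict:
    """Login CSRF simulation: the attacker holds a valid unsolicited response for
    their own account and delivers it (e.g. via an auto-submitting form) into the
    victim's browser session. Account names are constructed samples."""
    attacker_unsolicited = make_response("attacker@example.com")
    results = {}

    strict = ServiceProvider(allow_idp_initiated=False)
    req = strict.start_login("victim-session")
    results["sp_initiated_victim"] = attempt(strict, "victim-session", make_response("victim@example.com", req))
    results["replayed_request_id"] = attempt(strict, "victim-session", make_response("victim@example.com", req))
    results["unsolicited_strict"] = attempt(strict, "victim-session", attacker_unsolicited)

    lax = ServiceProvider(allow_idp_initiated=True)
    results["unsolicited_lax"] = attempt(lax, "victim-session", attacker_unsolicited)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The "unsolicited_lax" scenario is the attack: with IdP-initiated login enabled, the victim's session ends up authenticated as attacker@example.com even though the victim never clicked anything in the IdP. Turning the toggle off makes the same response fail the "unsolicited response rejected" check, and the SP-initiated path still works because it carries an InResponseTo the SP can match.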