SAML2 support will be deprecated and we recommend using OpenID Connect when configuring SSO.

This page contains a general guide on how you can configure single sign on using with SAML2.

Our identity platform, Talentech ID, supports SAML2, but we recommend using OpenID Connect if you support it. To get started, you need to contact us in order to get the necessary parameters for your configuration.

Before you start following this guide, you should check if there is a subpage containing a more specific guide for your identity provider of choice.

Exchanging metadata

When you want to set up SSO via SAML2, we need to configure some parameters both on our and and the customer’s (your) end.

The easiest way to do this is to exchange metadata URLs.

We will send you a metadata URL that looks like this:

NB: The metadata URL will return 404 not found until we have added your metadata.

The metadata file will contain the URL to our assertion consumer service, the entity id and other parameters your setup needs.

In the same way, you need to send us your metadata URL. If you are using Azure AD, your metadata URL will look something like this:<TenantDomainName>/FederationMetadata/2007-06/FederationMetadata.xml.


Required claims

Claim Name

Mapped to


Is Required

Claim Name

Mapped to


Is Required

Saml Element: <saml:NameID>

Claim Name:

Unique External User Id

The saml:NameID element is needed to map the external user to an internal user in Talentech


email or preferred_username

Email address / username

We will look for a claim named email and preferred_username to map from the external username to the internal Talentech username



Full name

We will use the claim named name to map to the user’s full name


Make sure you do not map more attributes than necessary or include all AD groups a user is member of because there is a limit on how big the request can be. More information about this potential issue.