Articles on: Account Management & Billing

How to Setup SSO (SAML) for Your Appfigures Account

Appfigures supports Single Sign-On (SSO) via the SAML 2.0 protocol, allowing you to centralize authentication and improve security across your organization.


Note: SAML/SSO is available for enterprise plans.

Setting up Single Sign On


  1. Log in to Appfigures as the account owner and navigate to Account Settings → SAML SSO. This page contains the Appfigures SSO URL you'll need for your Identity Provider (IdP) configuration.
  2. In your SAML-compliant IdP (Okta, Azure AD, OneLogin, etc), create a new application for Appfigures using the following parameters:
  • ACS URL / SSO URL: Use the SSO URL provided in the Appfigures setup page.
  • Entity ID (if required): Use the same SSO URL.
  • Name ID Format: Email address (required to match existing users in Appfigures).
  • Logout URL: (optional) If you’d like users to be redirected after logging out, provide a logout URL.
  • X.509 Certificate: Export your IdP's signing certificate and upload it in Appfigures (see next step).
  1. Head back to your Appfigures account and in the SAML SSO Setup page, provide:
  • SSO Login URL (from your IdP)
  • SSO Logout URL (optional)
  • X.509 Certificate (paste or upload)
  1. Save your changes ✅


Once saved, all users on your account (except the owner) will be required to use SSO to log in.

Notes


  • Fallback Access: The account owner can always log in with email and password, even after SSO is enabled.
  • User Matching: A user’s email in your IdP must match exactly with their Appfigures login email.


If you need help configuring your IdP or run into errors during setup, contact us.


Updated on: 04/12/2025