Enterprise teams can add SAML single sign-on to allow users to log in to MeisterTask using your organization’s custom identity profile. SAML also gives team admins the ability to enable and disable the login functionality for their employees.

What is SAML?

Security Assertion Markup Language (SAML) is an XML-based framework for authentication and authorization between two entities: a Service Provider and an Identity Provider.

SAML is an open standard mostly used for Single Sign-On (SSO). Authentication information is exchanged through digitally signed XML documents. It's a complex single sign-on (SSO) implementation that enables seamless authentication, mostly between businesses and enterprises.

With SAML, you don't have to worry about typing in authentication credentials or remembering and resetting passwords.

MeisterTask supports any Identity Provider that uses the SAML 2.0 standard, including (but not limited to):

• Azure AD
• Okta
• Google Workspace (via SAML 2.0)

What information is required to configure SAML SSO?

To configure SAML SSO, you'll need:

• Identity Provider Metadata (URL or file) (not provided by Meister)
• Entity ID: https://accounts.meister.co
• Assertion Consumer Service (ACS) URL or Reply URL (provided by Meister)
  • https://accounts.meister.co/login/saml/CUSTOMER SHORTCUT/acs
    • please change the text customer shortcut part for your real shortcut
    • e.g. https://accounts.meister.co/login/saml/svge/acs
• Attributes mapping (e.g., NameID, email address)
• Meister will automatically provide you with the necessary Service Provider (SP) details during setup.

Setup a Customized Domain for SAML

As a team admin, in order to enable the SAML Single Sign-on integration, you first need to set a customized login domain:

1. From MeisterTask's Dashboard click your avatar in the top-right corner.
2. Click Account from the drop-down menu.
3. Select My Team on the left.
4. Click Settings.
5. Make sure you're on the General tab.
   
   
    
6. Under Team Details, customize the domain name in the Login Domain.
7. Scroll to the bottom of the page.
8. Click Save Changes.

Configure Single Sign-On Integration

1. From MeisterTask's Dashboard click your avatar in the top-right corner.
2. Click Account from the drop-down menu.
3. Select My Team on the left.
4. Click Settings.
5. Select the Sign Up tab.
   
   
    
6. Scroll to SAML Single Sign-On.
7. Click the checkbox beside Enable SSO with third party identity provider.
8. Click Upload Identity Provider Metadata.
9. Upload your identity provider's metadata XML file.
10. Click Save changes - Once you save the changes, your account will support SAML Single Sign-on authentication through your identity provider. You can find the login links in the SAML Single Sign-On section.

Is Just-in-Time (JIT) user provisioning supported?

Yes. MeisterTask supports JIT provisioning: if a user assigned to MeisterTask in the IdP logs in for the first time via SSO, their MeisterTask account will be created automatically (subject to licensing availability).

What happens if SAML SSO is temporarily unavailable?

If SSO is unavailable, admins can optionally allow fallback to username/password logins. This setting can be configured during SAML SSO setup.

How can I test SAML SSO before enabling it for the entire team?

MeisterTask provides a testing option during the SSO setup process to verify configuration before enforcing SAML SSO for all users.

Can SAML SSO be used on mobile device?

No. 

Is the SAML SSO same as Microsoft, Facebook and Google SSO?

The short answer is: No, they are not the same thing, but they are closely related.

Think of it like this: _SAML is a method or a language, while Microsoft 365, Google, and Facebook are the speakers who use that language (or other similar languages) to get the job done.

• idp_metadata_sample.xml918 Bytes