The following is a guide for those using the updated Formstack Admin panel, looking to configure SAML on their Formstack Forms account and within their Forms. Before enabling this authentication method, we recommend reviewing the following articles:
ATTENTION: This support article is for Formstack Forms users who are using the updated Formstack Adminp panel. If you are looking for instruction on how to set up SAML in our Classic Admin experience, click here.
Adding SAML to your Account
- Logged in as the Admin User on your Account, navigate to Authentication Providers within the Admin panel of your account, and click “Add Authentication Provider.”
If you choose to disable the Google SSO option at the top of the page, users will be presented with an error upon attempting to login using Google SSO.
- You will be presented with the following screen.
Give your Authentication Provider a descriptive name for future reference. SAML should already be selected in the “Authentication Provider Type” dropdown.
- You will then be prompted to enter your Claimed Domain. If you’ve already completed this process, your claimed domain will automatically populate this field. Otherwise, you will need to claim the domain that your organization uses for email, login, etc.
Note: You can have more than one claimed domain, but a domain can only be claimed once, and can only be applied to one Formstack account. If your domain has already been claimed, you must either join that Formstack account to use that domain for SSO, or use a different domain for SSO altogether. This is to prevent users from being able to access Formstack accounts that they don’t belong to.
We will manually review your request and it will be marked as “Pending,” but you can still continue the setup process by pressing “Continue.” We will notify you whether your domain has been approved or already claimed.
- Before entering your "SAML 2.0 Identity Provider Metadata," please be sure you have gathered all necessary authentication details outlined in the Getting Started with SAML guide. Many times, simply entering your Metadata URL will populate the rest of the required information.
When you have entered these details, save your changes and your SAML configuration is complete! You can then manage your Authentication Providers and Claimed Domains from the main Authentication Providers screen.
Once you have set up your Authentication Provider, you can Force login with SSO for users.
If you want to set this up, click the toggle next to “Force Login via SSO”.
After you select the toggle, the below message will appear:
“If you enable this feature, users that sign up using one of your claimed domains in their email address will not be able to login unless they are first added as a user in your Formstack organization.
For example, email@example.com signs up for a Formstack account outside of your organization. Enabling this feature will prevent Joe from logging in because he has your domain in his email address but is not a part of your organization.”
Ensure you understand the requirements before selecting “Yes, Force Login via SSO”
After selecting “Yes, Force Login via SSO” you will return back to the “Authentication Providers” page where you must select the “Save Changes” button in the corner.
Custom SSO User Fields
As an optional setting, you may include Custom SSO User Fields. These fields are used in tandem with the Single Sign-On (SSO) Autofill plugin in the Formstack Forms app, which allows your users to populate fields on your forms with information from a selected SSO Provider:
Custom Field Key: Locate the custom field is your SAML account and retrieve the field unique identifier or field key ID. Copy this from SAML and paste to your Formstack account.
Custom Field Label: Copy the field label from the SAML account and paste to your Formstack account. For additional information on autofill through SSO, please check out our article on Single Sign-On (SSO) Autofill.
Additionally, you can also choose to enable or disable Formstack user creation via SSO at the bottom of the page. By specifying the role that each new user is assigned upon completion, these will become the default roles for all new users created via SSO.
Note: In order for new users to be assigned as a “Participant” role in Forms, Form Workflows must be enabled in your subscription.