SAML SSO with Auth0

  • SAML SSO is only available on our Org plan.
  • You must be an admin to enable SAML SSO.

You can successfully setup Auth0 SAML with Whimsical using this minimal setup:

Replace the “Application Callback URL” with the “ACS URL” provided in your Whimsical Workspace settings, and configure the rest of the values like this.

{
  "mappings": {
    "given_name": "givenName",
    "family_name": "LastName",
    "picture": "PhotoURL"
  },
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

There may be other values in your configs, but these are the ones that matter to the Whimsical SAML integration.

Also please note that you may have setup Auth0 differently, and may have different names for values inside of Auth0. But these are the mappings, formats and probes that work for an out-of-the-box setup.

After SAML SSO is configured, you can go back to your Whimsical Workspace settings and adjust the following:

  • Default user role: Whimsical supports JIT (Just-in-time) account provisioning. That means that Whimsical will create an account for a user authenticating via SAML if necessary. New users will be created with the role and permissions you choose:
    • Editors - paid role with full ability to create and edit content
    • Viewers - free role with read and comment-only limited permissions
  • Require SAML for login: You can enable this optional setting if you want to prevent users from accessing your workspace with other means of authentication, such as a password or via Google SSO.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.