Setup Azure AD for SSO Configuration

Step 1 - IdP Configuration

Step 1.1 - Set Entity ID and Reply URL

  • Entity ID: urn:amazon:cognito:sp:eu-west-1_7hEawdalF
  • Reply URL: https://studio.auth.synthesia.io/saml2/idpresponse

Step 1.2 - Set the Unique User Identifier

The Unique User Identifier needs to be an email in lower case. Most frequently, its value is ToLowercase( user.mail ).

Step 1.3 - Set the attributes

Set the email attribute with such configuration:

  • It has to be in lower case. Use the ToLowercase function, most often as ToLowercase( user.mail )
  • It has to have NO namespace
  • It has to be named email. Other variations such as emailaddress or email_address are not valid.

Set the other attributes: company, family_name, given_name
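The following check is an added example and is not part of the Synthesia documentation or product; it is a small Python validator an IdP administrator can run over a SAML assertion (for instance one captured from the browser's SAML tracer during the Step 2 test) to confirm the Step 1.1 and Step 1.3 requirements before contacting support: the Audience matches the Entity ID, the NameID is a lower-case email, the attribute is named exactly email with no namespace, it agrees with the NameID, and company, family_name and given_name are present. The two assertions at the bottom are constructed samples, not real tokens; the wrong Audience value in the bad sample is a made-up placeholder.

```python
import xml.etree.ElementTree as ET

# Values from Step 1.1 of this guide
ENTITY_ID = "urn:amazon:cognito:sp:eu-west-1_7hEawdalF"

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_ATTR = "email"
OTHER_ATTRS = ("company", "family_name", "given_name")


def check_assertion(xml_text: str) -> list[str]:
    """Return a list of problems found against the Step 1.1 / 1.3 requirements.

    ElementTree is acceptable here because the samples are constructed locally;
    for XML received from an untrusted party use a hardened parser (e.g. defusedxml).
    """
    problems: list[str] = []
    root = ET.fromstring(xml_text)
    # Accept either a bare <saml:Assertion> or a <samlp:Response> wrapping one
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", SAML_NS)
    if assertion is None:
        return ["no <saml:Assertion> element found"]

    # Step 1.1: the assertion must be addressed to the Cognito Entity ID
    audience = assertion.find(".//saml:Conditions/saml:AudienceRestriction/saml:Audience", SAML_NS)
    if audience is None or (audience.text or "").strip() != ENTITY_ID:
        problems.append("Audience does not match the Entity ID from Step 1.1")

    # Step 1.2: the NameID (Unique User Identifier) must be a lower-case email
    name_id = assertion.find(".//saml:Subject/saml:NameID", SAML_NS)
    name_id_value = (name_id.text or "").strip() if name_id is not None else ""
    if not name_id_value:
        problems.append("missing Subject/NameID (Unique User Identifier)")
    else:
        if name_id_value != name_id_value.lower():
            problems.append(f"NameID is not lower case: {name_id_value}")
        if "@" not in name_id_value:
            problems.append(f"NameID does not look like an email: {name_id_value}")

    # Step 1.3: collect attributes by their exact Name
    attrs: dict[str, list[str]] = {}
    for attr in assertion.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS) if v.text]
        attrs[attr.get("Name", "")] = values

    if EMAIL_ATTR not in attrs:
        # Azure AD emits a namespaced claim as "<namespace>/<name>", so a namespace or a
        # variant spelling both show up as a Name that is not exactly "email".
        lookalikes = [n for n in attrs if n.split("/")[-1].lower() in ("email", "emailaddress", "email_address")]
        hint = f" (found instead: {', '.join(lookalikes)})" if lookalikes else ""
        problems.append(f"no attribute named exactly 'email'{hint}")
    else:
        email = attrs[EMAIL_ATTR][0] if attrs[EMAIL_ATTR] else ""
        if not email:
            problems.append("'email' attribute has no value")
        elif email != email.lower():
            problems.append(f"'email' attribute is not lower case: {email}")
        if name_id_value and email and email != name_id_value:
            problems.append(f"'email' ({email}) does not match NameID ({name_id_value})")

    for name in OTHER_ATTRS:
        if name not in attrs:
            problems.append(f"attribute '{name}' is missing")
    return problems


def _assertion(name_id: str, attributes: list[tuple[str, str]], audience: str = ENTITY_ID) -> str:
    """Build a minimal constructed (unsigned) assertion for demonstration only."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attributes
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


# Constructed sample: matches every requirement in this guide
GOOD = _assertion(
    "jane.doe@example.com",
    [("email", "jane.doe@example.com"), ("company", "Example Ltd"),
     ("family_name", "Doe"), ("given_name", "Jane")],
)

# Constructed sample: mixed-case NameID, namespaced 'emailaddress' claim, missing
# attributes and a wrong (placeholder) Audience
BAD = _assertion(
    "Jane.Doe@example.com",
    [("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Jane.Doe@example.com"),
     ("given_name", "Jane")],
    audience="urn:amazon:cognito:sp:PLACEHOLDER-WRONG-POOL",
)

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc) or "OK")
```

Run it as-is to see the good sample pass and the bad sample report each deviation; to check a real assertion, paste the decoded XML into check_assertion(). Note this validator only inspects the configuration-related fields; it does not verify the XML signature, which Cognito does on its side.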

Step 1.4 - Share the metadata.xml

Reach out to Synthesia support team with the following details.

  • Metadata URL: Made available by your identity provider once Synthesia has been configured as an application.
  • Identifiers: These are the domain(s) that you wish to be associated with SAML SSO (for example: example.com). For these domains, all other methods of login will be disabled.

Step 2 - Testing phase

Once support has processed the metadata file, a testing phase begins. During that phase:

On app.synthesia.io

  • Users will still be able to log in with email and password
  • Login with SSO is not yet enabled

Testing SSO

Follow the steps below to log in with SSO:

  1. Make sure you are logged out of Synthesia
  2. Go to the unique URL provided by support
  3. Log in to your SSO provider (with your own professional email). Note that if you are already logged in to your IdP, you should pass through this step automatically
  4. Finally, you should be logged in to Synthesia.

Common issues

Paywall

After following the steps to log in with SSO, the user sees options to buy Synthesia. This means the user is not part of the workspace: either it is a new user, or the email provided by Azure AD is not the one already in use. Make sure to invite the user.

Blocked by Admin

After following the steps to log in with SSO, Azure AD displays an error message saying that the sign-in is blocked by the admin. To log in to Synthesia, the user needs to be added to the relevant group in Azure AD. Ask your IdP (Azure AD) administrator to add you.

Redirection to app.synthesia.io with an error

After following the steps to log in with SSO, the user is redirected to app.synthesia.io with a SAML error. Ask your IdP (Azure AD) administrator to review the subtasks from step 1. If it still does not work, contact the Synthesia support team.

Step 3 - SSO enforcement

Once the tests are successful and a few users can log in using SSO, the last step is to enforce SSO. Once done, login with email and password will be disabled for everyone within your enterprise.

To enforce SSO, reach out to the Synthesia support team including:

  • A validation that the tests worked
  • A list of domain names managed by your IdP (e.g. synthesia.io)