This is a generic guide for configuring SSO. If you are using Google, Azure, or Okta as your identity provider, the specialized guide is recommended:

Prepare the SSO form in Minimus

  1. Open the Minimus SSO form. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
    Keep this form open and available in another browser tab as you configure the SAML app in your identity provider.
  2. The form has 3 parts:
    1. Configure Minimus as a custom app in your identity provider - You will copy these parameters from Minimus to your IdP in the next steps.
      1. SP Entity ID
      2. Reply URL (Callback / ACS URL)
      3. Relay State (optional) - If you leave the Relay State blank, users will only be able to login with SSO from the Minimus homepage.
    2. Connect Minimus to your identity provider - You will fetch these parameters from your IdP custom app and save them to the Minimus form.
      1. Login SSO URL
      2. IdP Entity ID
      3. Certificate
    3. SAML Attribute Mapping - You will fetch these parameters from your IdP in the next steps.
      1. Email
      2. Full name

Add Minimus as a custom SAML app in your identity provider

1

Configure Minimus as a custom app in your identity provider

The first step is to create a dedicated application for Minimus in your IdP.
  1. Login to the IdP Admin Console. You will need sufficient permissions to manage the SAML applications.
  2. Create a new SAML application and select SAML 2.0 as the sign-in method.
  3. Name the application. (Minimus App is a good example.)
The exact path for creating the app will depend on your provider.
2

Configure the custom SAML app

  1. In another browser window, open your Minimus app and go to Manage > User Management. Click Configure SSO to open the SSO form (top right corner).
  2. Copy the following parameters from the Minimus app to your IdP.
Minimus ParameterExamples of parameter naming in IdPs
SP Entity IDSP Entity ID, Service Provider ID, Audience URI
Reply URL (also Callback URL)Single sign-on URL, ACS URL, Callback URL, Service Provider Login URL
Relay StateDefault RelayState
The order of the parameters can be different in your IdP.  
3

Connect the SAML app back to Minimus

In this step, we copy the unique parameters from the custom app in the IdP back to the Minimus SSO form. (This is the second section in the Minimus form: Connect Minimus to your identity provider).Once the custom SAML app is created, it usually lists the unique parameters in a SAML section or tab.
Minimus ParameterExamples of parameter naming in IdPsDescription
SSO URLSign on URL, Identity provider Single Sign-On URLThe app-specific login URL created by the IdP
Entity IDIssuer, Identity Provider Issuer URL or IDThe IdP’s unique identifier or issuer ID
4

Copy the public certificate

The IdP’s SAML app will usually provide several certificate options. Copy the Base64 public certificate to the certificate field in the Minimus SSO form.Open the certificate in notepad or another code viewer, and copy the code. Make sure the certificate includes the opening and closing tags.
Sometimes, if you copy the certificate instead of downloading it, it may not include the opening and closing tags:

-----BEGIN CERTIFICATE----------END CERTIFICATE-----

If so, you can paste the certificate between the tags provided by the placeholder.
5

Configure the SAML attribute mapping in Minimus

Attribute mapping is necessary to ensure that the values sent from the IdP match Minimus expectations. Many identity providers use the standard schema but some have other formats (See Okta for example).
Minimus AttributeStandard Schema
Emailhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Full Namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
6

Save the Minimus SSO form

You are now ready to save the SSO configuration form in Minimus.
7

Assign access in your IdP

Grant IdP groups and/or users access to Minimus. Usually, you will need to add or assign users to the custom SAML app to give them access.

Troubleshooting SSO access

When copying the certificate to Minimus, make sure there is no whitespace before or after the certificate. Also, check that the expected prefix and suffix are included. 
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----