SAML SSO setup
Batida supports SAML 2.0 single sign-on on the Enterprise plan. This guide covers how to configure SAML with your identity provider (IdP).
Prerequisites
- Enterprise plan (or trial)
- Organization admin access
- Your IdP metadata URL and certificate
Step 1 — Add a SAML configuration
- Navigate to Settings > Security.
- In the SSO section, click Add SAML Provider.
- Fill in the fields:
| Field | Description |
|---|---|
| Provider name | A display name for your IdP (e.g., Okta, Azure AD) |
| IdP Entity ID | The entity ID from your IdP metadata |
| SSO URL | The Single Sign-On URL from your IdP metadata |
| Certificate | The X.509 certificate from your IdP |
- Click Save.
Step 2 — Download SP metadata
After saving, Batida generates a Service Provider (SP) metadata XML:
- Navigate to Settings > Security.
- In the SSO section, click Download SP Metadata.
- Provide this XML file to your IdP administrator.
Step 3 — Test the connection
- Navigate to Settings > Security.
- Click Test SAML Login.
- You will be redirected to your IdP login page.
- After authenticating, you're redirected back to Batida and automatically signed in.
Step 4 — Enforce SSO-only authentication (optional)
After SAML is configured, admins can require all members to use SSO:
- Navigate to Settings > Security.
- Toggle SSO-only authentication.
- Members will no longer be able to sign in with email/password.
WARNING
Enabling SSO-only mode does not affect existing sessions. Members already logged in remain logged in until their session expires.
Troubleshooting
| Problem | Solution |
|---|---|
| "Invalid SAML response" | Check that the IdP certificate matches the one configured in Batida. |
| "Redirect loop" | Verify that the IdP SSO URL and ACS URL match. |
| "Certificate expired" | Upload the updated certificate from your IdP. |
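
For the Step 1 fields and the "Invalid SAML response" row above, this added Python example (not Batida's or any IdP's own code) reads the Entity ID, SSO URL and signing certificate from an IdP metadata file and checks a pasted certificate against it by SHA-256 fingerprint. The metadata, URLs and certificate bytes are constructed placeholders; it assumes a single `EntityDescriptor` root obtained from your own IdP and a certificate pasted in PEM form.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: hypothetical IdP; certificate body is placeholder bytes, not real X.509.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      Q09OU1RSVUNURUQtU0FNUExFLU5P
      VC1BLVJFQUwtQ0VSVA==
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# The same constructed certificate as it might be pasted into the Certificate field (assumed PEM).
PASTED_PEM = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVA==
-----END CERTIFICATE-----"""

def fingerprint(cert_text):
    """SHA-256 over the decoded bytes; accepts PEM or the bare base64 found in metadata."""
    body = "".join(l.strip() for l in cert_text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def idp_fields(metadata_xml):
    """Return the values the setup form asks for, from one EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    keys = [k for k in idp.findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "signing")]  # skip encryption-only keys
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": {s.get("Binding"): s.get("Location")
                     for s in idp.findall("md:SingleSignOnService", NS)},
        "signing_certs": [c.text for k in keys
                          for c in k.iter("{%s}X509Certificate" % NS["ds"])],
    }

def configured_cert_matches(pasted_cert, metadata_xml):
    """True if the pasted certificate is one of the IdP's current signing certs."""
    current = {fingerprint(c) for c in idp_fields(metadata_xml)["signing_certs"]}
    return fingerprint(pasted_cert) in current
```

A `False` result from `configured_cert_matches` after an IdP certificate rotation means the certificate held in the SAML configuration is stale and should be replaced with the one in current metadata.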