You must be an Organization Owner.
Step 1: Configure your Identity Provider
Declare Forest as a Service Provider in your IdP using these values:

| Setting | Value |
|---|---|
| Callback URL / ACS URL | https://api.forestadmin.com/api/saml/callback |
| Sign on URL | https://api.forestadmin.com/api/saml/callback |
| Logout URL | https://app.forestadmin.com/login |
| Audience (EntityID) | Displayed in your Forest Organization settings |
Step 2: Configure Forest
In your Organization settings → Security tab, configure Forest with your IdP’s information.
Option 1: XML metadata endpoint (recommended)
Provide the URL to your IdP’s metadata XML endpoint. This supports automatic certificate rotation without service interruption.
Option 2: XML file upload
Upload the metadata XML file generated by your IdP.
Option 3: Manual input
Enter manually:
- Login endpoint
- Logout endpoint
- Valid certificate
Step 3: Test and enable
Click “Test configuration” to verify authentication works. Once confirmed, enable SSO for all users.
After enabling SSO, all users will be required to log in again.
IdP-initiated login (optional)
Enable IdP-initiated login to allow users to be redirected to Forest directly from your IdP dashboard. Set this Relay State on your IdP:
Troubleshooting
- Double-check all endpoints and certificate expiration dates
- Ensure the NameID in your IdP is set to the email address used on Forest accounts
- Ensure your IdP is configured for SAML 2.0
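An added example (not Forest's own code) of a pre-flight check on the IdP metadata XML from Option 2: it extracts the three values Option 3 asks for and flags the SAML 2.0 and NameID issues listed under Troubleshooting. The sample metadata, the idp.example.com URLs and the function name are constructed for illustration; certificate expiry is not checked here because that needs an X.509 parser.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: hypothetical IdP at idp.example.com, placeholder certificate.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER+NOT+A+REAL+CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.com/slo"/>
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return (values, problems) for one IdP metadata document."""
    idp = ET.fromstring(xml_text).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        return {}, ["no IDPSSODescriptor element: not IdP metadata"]
    problems = []
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        problems.append("IdP does not declare SAML 2.0 support")
    values = {}
    for key, tag in (("login_endpoint", "SingleSignOnService"),
                     ("logout_endpoint", "SingleLogoutService")):
        node = idp.find(f"md:{tag}", NS)
        values[key] = node.get("Location") if node is not None else None
        if not values[key]:
            problems.append(f"missing {key} ({tag})")
        elif not values[key].startswith("https://"):
            problems.append(f"{key} is not served over HTTPS")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    values["certificates"] = [
        "".join(cert.text.split())
        for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use", "signing") == "signing"
        for cert in kd.iterfind(".//ds:X509Certificate", NS) if cert.text]
    if not values["certificates"]:
        problems.append("no signing certificate in metadata")
    formats = [(f.text or "").strip() for f in idp.findall("md:NameIDFormat", NS)]
    if EMAIL_FORMAT not in formats:
        problems.append("emailAddress NameID format is not advertised")
    return values, problems

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA))
```

The NameID check only covers what the metadata advertises; the value actually sent is set in the IdP's application settings and must still be the Forest account email.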