- Declare Forest in your Identity Provider using the values below
- Configure Forest with your IdP metadata
You must be an Organization Owner to configure it.
Forest SAML settings
Use these values when configuring Forest as a Service Provider in your IdP:

| Setting | Value |
|---|---|
| Callback URL (ACS URL) | https://api.forestadmin.com/api/saml/callback |
| Sign on URL | https://api.forestadmin.com/api/saml/callback |
| Logout URL | https://app.forestadmin.com/login |
| Audience (EntityID) | Displayed in your Forest Organization settings |
Configuration methods
Option 1: XML metadata (recommended)
Provide either a URL to your IdP’s metadata XML endpoint, or upload the metadata XML file. This method supports automatic certificate rotation without service interruption.
Option 2: Manual input
Enter the following fields manually:
- Login endpoint
- Logout endpoint
- Valid certificate
Enabling SSO
After configuring and testing your SSO setup, enable it for all users in your Organization settings.
After enabling SSO, all users will be required to log in again.
IdP-initiated login (optional)
To allow users to be automatically redirected to Forest from your IdP dashboard, enable IdP-initiated login and set a default Relay State on your IdP:
Troubleshooting
- Double-check all endpoints and certificate expiration dates
- Ensure the NameID configured on your IdP matches the email address used on Forest accounts
- Ensure you selected SAML 2.0 on your IdP