Generic SAML 2.0

Created by Ajay Vardhan, Modified on Wed, 07 Feb 2024 at 07:17 AM by Ajay Vardhan


Spendflo integrates seamlessly with identity providers supporting SAML 2.0. If your identity provider isn't listed among the integration options in Spendflo, you can configure it using either SAML 2.0 or OpenID if OIDC based.


Ensure your identity provider meets the following minimum requirements:

  1. Conforms to SAML 2.0 standards.
  2. Provides a Single Sign-On URL, an Entity ID or Issuer URL, and a Signing Certificate.
  3. Includes the signing public key in the SAML response.

Configure SAML Setting

To configure the SAML settings, follow these steps:

  1. Navigate to Spendflo, then go to Profile -> Privacy & Security.
  2. In the SSO section, click on the "Setup SSO connection" button located at the top right.
  3. Choose your identity provider from the list or select "Custom SAML" if your provider is not listed.
  4. If you opt for Custom SAML, proceed by clicking "Configure Manually" in the subsequent step.
  5. Copy the ACS URL and Entity ID provided, which you will use for setting up your Identity Provider.

Create an Application in Your Identity Provider

Most identity providers enable users to create applications, which are essentially sets of parameters passed to Spendflo for integration. Follow these typical setup requirements:

  1. Create a new integration in the identity provider with the type set as SAML.
  2. Set both the Entity ID and the ACS/Single Sign-On URL to those copied from Spendflo in the previous section.
  3. Set the Name ID format to Email Address.
  4. Obtain the SSO Endpoint and the Public Certificate.

Complete SAML configuration in Spendflo

  1. Return to Spendflo's SAML configuration and input the SSO Endpoint and Public Certificate obtained from your Identity Provider.
  2. In the claim domain section, add your primary domain.
  3. Copy the Record Name and Record Value to create a new TXT record in your DNS provider.
  4. Once the domain is added, click on "Validate." The validation process typically takes 1-2 minutes.
  5. The setup is now complete.

The New Login Method after Configuration

Upon completing the SAML setup, logging in to Spendflo will involve providing your email address on the Spendflo sign-in page. The system will automatically detect your domain and redirect you to your SAML Identity Provider for authentication. After verification, you'll be logged in to your Spendflo profile seamlessly.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article

Can't find what you are looking for?

Email us at