
SSO/SAML Integration

Prevail supports OAuth2 sign-in with Microsoft Entra and Google Workspace without any setup: users log in with the Continue with Google or Continue with Microsoft links on the login page.

Prevail can also integrate with any Security Assertion Markup Language Identity Provider (SAML IdP), including Microsoft Entra, Google Workspace, and Okta. This offers additional security and administration features, such as sharing user groups and group memberships. SAML integration requires a setup process for each enterprise. In the SAML model, Prevail serves as the Service Provider (SP), and the enterprise supplies the IdP, whether that’s internal to the enterprise or a third party such as Entra or Okta.

Obtain Your SAML Configuration File

The first step in setting up SAML integration is to prepare your SAML configuration file. While the exact details may vary slightly between IdPs, this file must contain, at a minimum, the Entity ID, X509 certificate, and endpoint URLs. Below is an example configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://accounts.google.com/o/saml2?idpid=C03m0b1w1"
                     validUntil="2026-04-15T17:13:09.000Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" 
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>   
          <ds:X509Certificate>
            MIIDdDCCAlygAwIBAgIyaddayaddayaddau3CTSH4YihqnkQkNhD6H9fsInau+ROtC7V
            1J/7F0gwyWJATeHsTx0 … many more lines …     ayaddanRZX92SnZZPnrWSmTF
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    </md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://accounts.google.com/o/saml2/idp?idpid=C03m0b1w1"
    />
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="https://accounts.google.com/o/saml2/idp?idpid=C03m0b1w1"
    />
  </md:IDPSSODescriptor>
</md:EntityDescriptor>

For guidance on creating your SAML file, consult the documentation for your IdP. Here are instructions for a few of the most popular IdPs:

Send Your SAML File to Prevail

After preparing your SAML file, forward it to the Prevail support team to proceed with the integration setup. This file does not contain PII or private keys (the X509 certificate in it is public), so it does not need to be kept secret.

Configure Your Identity Provider

Obtain the Service Provider metadata from Prevail

Download Prevail’s Service Provider metadata. This file contains essential information such as the ACS (Assertion Consumer Service) URI and Entity ID.

Configure the Service Provider in your Identity Provider

Create a new SAML integration in your IdP’s admin dashboard with the SP metadata from Prevail. Some Identity Providers can consume this file directly, while others require you to extract information from the file and enter it in fields. Verify the ACS URI and Entity ID match correctly. Refer to your IdP’s documentation on how to create a new SAML integration.

Final Testing and Login

After you have set up Prevail as a Service Provider, and the Prevail support team has notified you that Prevail has set your IdP up as the IdP for your Organization account, you can test the integration. Log in through your IdP’s dashboard to check that the SSO integration works correctly. If you encounter any issues, contact Prevail support for help.

Log in Using SSO

Share how to log in to Prevail with your organization.