Home  >   Articles   >  SAML Support in Vtiger CRM
Articles in this section

SAML Support in Vtiger CRM

Learn how to set up SAML-based login in Vtiger.
25 Apr, 2023 - Updated 5 months ago
Table of Contents


Security Assertion Markup Language or SAML helps identity providers (IDPs) pass credentials to service providers (SPs). You can use a single set of credentials to log in to different software, websites, or applications. 

To read more about SAML, click here


Vtiger supports Single Sign-On via SAML-based identity providers. 

What is Single Sign-On

Single Sign-On or SSO is a type of authentication that allows users to log in to multiple applications using one set of login credentials. Opting for SSO sheds the burden of maintaining separate usernames and passwords for each software off your shoulders. 

Feature Availability


Sales Starter

Sales Professional

Sales Enterprise

All-in-One Professional

All-in-One Enterprise

Feature Availability

SAML Login



Enabling SAML Login

To log in via your SAML server, you must add Vtiger as a service in your SAML-based IDP and simultaneously configure SAML in Vtiger.


Since each one of us might use a different IDP, let’s take the example of OneLogin to enable SAML login in Vtiger.


Follow these steps to enable SAML login in Vtiger using OneLogin:


Step 1: Enable SAML login in Vtiger.

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the Authentication page.
  7. Enable the checkbox beside SAML.

Note: Perform the step above regardless of the IDP that you are using.


Step 2: Perform the OneLogin setup.

  1. Log in to OneLogin.
  2. Click the Applications tab.
  3. Select Applications.
  4. Click the Add App button.
  5. Search for SAML Test Connector using the search bar.
  6. Select SAML Test Connector (IdP w/ attr w/ sign response).
  7. Set up a display name, icon, and other basic details. 
  8. Click Save.

Step 3: Set up SAML in Vtiger.


Note: Keep your Vtiger and OneLogin tabs open in your browser to perform this step.

  1. Click the SSO tab in OneLogin.
  2. Click View Details under X.509 Certificate in OneLogin.
  3. Copy the certificate and paste it into X.509 Certificate in Vtiger.
  4. Copy the following from OneLogin and paste them in Vtiger:
    • Issuer URL into IDP Entity ID
    • SAML 2.0 Endpoint (HTTP) into IDP SSO URL
    • SLO Endpoint (HTTP) into IDP SLO URL
  5. Click Save in Vtiger.
  6. Click the Configuration tab in OneLogin.
  7. Copy the following from Vtiger and paste them in OneLogin:
    • SP ACS URL into ACS (Consumer) URL Validator
    • SP ACS URL into ACS (Consumer) URL
  8. Insert a backslash (\) before each forward-slash (/) in ACS (Consumer) URL Validator to make it a regular expression.
  9. Click Save.

Handy details!

The NameID parameter in OneLogin is used to identify users. Vtiger expects the NameID parameter to be of the type Email and verifies it against the value in the Username field in Settings > User management > Users.


Follow these steps to set the NameID value:

  1. Click the Parameters tab in OneLogin.
  2. Select Email (SAML NameID).
  3. Select Email from the Value dropdown.
Was this article helpful?
0  out of  1  found this helpful.
Comments 0
Be the first to comment
© Copyright 2023 Vtiger. All rights reserved.