ProtoPie (SP) does not currently provide cert data (X.509 cert).

Our service reads the metadata provided by the IdP and uses the X.509 certificate if it exists in the metadata. If it does not exist, the X.509 certificate of the signature is obtained from the SAML response received as the ACS URL.

The ACS URL provided by ProtoPie (SP) can be checked on the Admin Dashboard as follows: “Assertion Consumer URL”.

If the Email/Password verification method is not enabled, you cannot use this method for the log-in. Once you enable Email/Password at Authentication in Service Admin Settings, you may log in.

After this procedure, members can set their own passwords in Account Settings.

Currently, ProtoPie Enterprise does not support Single Logout (SLO).

If you sign up by using SAML or OIDC, the first and last name are automatically loaded to IdP.

• If the SAML value is not displayed correctly, please check the SAML Setting in IdP.

• For OIDC, if the value is not displayed correctly, please check IdP.

If you want, you can use one of two verification methods. However, you cannot disable all the verification methods. At least one verification method, Email & Password or SSO, needs to be enabled.

In order to enable the SSO verification method only, the service admin, whose configuration is to be changed, needs to be SSO log-in enabled. In the case of service admin set in the Email & Password method as its initial system configuration, please refer to the procedure below.

1. Invite a new user who is to be set as a service admin.

2. The user signs up by the SSO verification method.

3. The invited user is designated as the service admin.

4. After log-in, the user disables the Email & Password verification method.

5. (Optional) change the existing service admin role to a member.

In a SAML request, it is a means for a SP to ask the IDP to authenticate the user with a specific authentication mechanism. This is optional and depends on your IdP's setup options and requires confirmation from your IdP administrator.

• urn:oasis:names:tc:SAML:2.0:ac:classes:X509

• urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

No, you don’t. Even if you add or remove a user in IdP, it is not automatically reflected on ProtoPie Enterprise.

An Entity ID is a globally unique name for a SAML entity, i.e., your Identity Provider (IdP) or Service Provider (SP). Entity ID is the name. It doesn’t have to be a resolvable web location. The SAML Entity ID must be a URI.

ProtoPie Enterprise follows the format (ACS URL)

• Enterprise Cloud: https://sample.protopie.cloud/api/auth/callback/sso/saml

• Enterprise On-Premise: {PROTOPIE_HOST}/api/auth/callback/sso/saml

The user is recognized as the same user only when the registered email address in both IdP and ProtoPie Enterprise are the same. Therefore, in the case of changing the email address in IdP, you are required to change the registered email address in ProtoPie to the same address in IdP.

Please refer to the procedure below when a service admin changes the email addresses of all members.

1. Change all email addresses in IdP except the service admin account.

2. Change all email addresses at Admin Dashboard in ProtoPie by the service admin.

3. Service admin can change his/her own account by going to Account Setting → Profile.

4. Complete the email address change by accessing an email service of your email address to be changed and check a confirmation email.

Notice: If a verification method of the service admin is set to the SSO log-in, follow this procedure and change the IdP email address.