Download PDF Manual Back to Extension
Back to Knowledge Base
Download this page as PDF

SAML Single Sign-On (SSO) Add-On

The SAML add-on (MageB2B_StaffSaml) allows staff users to authenticate via an external Identity Provider (IdP), such as Azure AD / Entra ID or other SAML 2.0 providers.

Installation

composer config bearer.repo.softwaresilo.io composer config repositories.softwaresilo composer https://repo.softwaresilo.io/ composer require mageb2b/staff-saml:* php bin/magento module:enable MageB2B_StaffSaml php bin/magento setup:upgrade php bin/magento cache:flush

Configuration Location

Go to Stores >Configuration > MageB2B > Staff > SAML settings

Screenshot placeholder: SAML settings section

Key Settings

General settings

  • Enable SAML Single sign-on (staff/saml/general/enable)
  • Disable login with username/password (staff/saml/general/disable_password_login)
  • Group to attributes mapping (staff/saml/general/group_attributes_mapping)
    • JSON mapping between group ids and staff attributes.
    • Example: 
      { "1": {"access_all_customers": 1, "can_create_customer": 1, "can_edit_item_price": 1}, "2": {"access_all_customers": 0, "can_create_customer": 1, "can_edit_item_price": 0} }
  • Default Group Value (staff/saml/general/default_group)
  • Login Button Text (staff/saml/general/login_button_text)

Identity provider settings

  • SP Identifier (staff/saml/config/sp_identifier)
  • IDP Identifier (staff/saml/config/idp_identifier)
  • IDP Login Url (staff/saml/config/idp_login_url)
  • IDP Logout Url (staff/saml/config/idp_logout_url)
  • IDP Public Certificate (staff/saml/config/idp_cert) (Base64)

Main attributes mapping

These fields define which attribute paths are used for user provisioning/mapping:

  • Email (staff/saml/main_attributes_mapping/email)
  • Firstname (staff/saml/main_attributes_mapping/firstname)
  • Lastname (staff/saml/main_attributes_mapping/lastname)
  • Group (staff/saml/main_attributes_mapping/group)
  • Website Code (staff/saml/main_attributes_mapping/website)

IdP Callback / URLs

Typical URLs used by IdP configuration:

  • Reply URL (ACS): https:///staff_saml/index/callback
  • Logout URL: https:///staff_saml/index/logout

Notes

  • If you disable password login, make sure the SAML setup is fully working before rolling out to production (otherwise staff could get locked out).
ReportsSample Data

Found an issue with this documentation? Let us know