Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Addigy, ensure you meet the following requirements:
- Addigy admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Addigy are registered in your IdP and have the necessary permissions to access Addigy.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Addigy - SSO configuration
Start Configuration in Addigy
- Log in to your Addigy dashboard.
- In the left-hand navigation bar, click Account, then select Integration.
- Scroll down to the Log In Options section.
- Click on New SAML App.
- A configuration window will appear with several fields to complete. Keep this page open.
Configure the Client in Multi-Pass (MPAS)
- Go to Open Multi-Pass Dashboard
- Select your deployment, then click Advanced Console on the left.
- In the new console, go to Clients > Create Client.
If Addigy provides a metadata file, you can also click Import Client to simplify the setup.Manual Client Configuration
| Field | Value or Action |
|---|---|
| Client Type | SAML |
| Client ID | Entity ID provided by Addigy |
| Name | e.g., Addigy |
| Description | e.g., SSO Integration |
| Always display in UI | ON |
- Click Next to proceed.
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/Randintegration/protocol/saml/clients/addigy |
| Valid Redirect URIs | Based on Addigy |
| IDP-Initiated SSO URL Name | addigy |
- Click Save.
Review Settings in Each Tab
Settings Tab
| Setting | Value |
|---|---|
| Valid Redirect URIs | Provided by Addigy |
| IDP-Initiated SSO URL Name | addigy |
| Home URL | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/ |
| Relay State | Optional |
| Name ID Format | |
| Force Name ID Format | ON |
| Sign Documents | OFF |
| Sign Assertions | ON |
Keys Tab
- Make sure both parameters are switch to OFF
Advanced Tab
- make sure Assertion Consumer Service POST Binding URL = Valid Redirect URIs
Attribute Mapping (Required by Addigy)
Addigy requires the following attributes:
- given_name → user's first name
- family_name → user's last name
- email → user's email
To configure them:
- Click on the Client Scopes tab.
- Select the assigned client scope (same as your Client ID).
- Click Add Mapper > By Configuration > User Property.
Create mappers one by one:
| Field | Value |
|---|---|
| Name | given_name / family_name |
| Property | firstName / lastName |
| Friendly Name | given_name / family_name |
| SAML Attribute Name | given_name / family_name |
| SAML Attribute Name Format | Basic |
Repeat the process for
email if not already included by default.Retrieve the X.509 Certificate
- In the left menu, click on Realm Settings.
- Go to the Keys tab.
- On the RS256 line, click Certificate.
- A window will open — copy the certificate and paste it into a Notepad file for use in Addigy.
Finalize Setup in Addigy
- Back in the SAML App configuration page in Addigy:
| Field | Value |
|---|---|
| App Name | Multi-Pass (or any label) |
| SSO URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| Certificate | Upload X.509 certificate from MPAS |
| Allow Automatic User Provisioning | ON |
| Allow IdP-Initiated SSO | ON |
- Click Update, then switch the toggle to Enabled in the top-right corner.
You're Done!
Multi-Pass is now fully integrated as a SAML Identity Provider for Addigy.
Your users can now authenticate passwordlessly using their Multi-Pass account.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Datadog - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Datadog using MPAS. SSO simplifies user authentication by allowing access to multiple ...Trend Micro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Trend Micro using MPAS. SSO simplifies user authentication by allowing access to multiple ...Zendesk - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Zendesk using MPAS. SSO simplifies user authentication by allowing access to multiple ...BambooHR - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Bamboo HR using MPAS. SSO simplifies user authentication by allowing access to multiple ...