Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Notion using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with Notion, ensure you meet the following requirements:
- Notion Business or Enterprise plan, workspace owner (Business) or organization owner (Enterprise)
- MPAS Admin rights
- Make sure that all users intended to use SSO in Notion are registered in your IdP and have the necessary permissions to access Notion.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Notion - SSO configuration
Step 1 - Retrieve Notion SAML Settings
- Go to Settings
- Organization Settings
- Click on General, then select SAML SSO.
- Click Edit SAML SSO Configuration.
- Copy the following values:
- ACS URL:
https://www.notion.so/sso/saml/consume - Entity ID:
https://notion.so/sso/saml
- ACS URL:
Step 2 - Configure Multi‑Pass (MPAS) as Identity Provider
- Select your tenant and go to Integrations, applications.
- Click SAML under Custom Integration and enter the following information:
| Field | Value |
|---|---|
Client ID (= SP Entity ID) | https://notion.so/sso/saml |
Name | notion |
Description | SSO integration |
| Assertion Consumer Service URL (= ACS URL) | https://www.notion.so/sso/saml/consume |
| NameID Format |
- Download the X.509 certificate generated by MPAS — this will be uploaded into Notion.
- Click on add integration
- Now we need to verify all the fields in the advanced console, click on it on the left side
- Click client and use the search tab to look for Notion
- Make sure all the fields are well completed,
- In the first section called General settings:
| Field | Value |
|---|---|
| Client ID | https://www.notion.so/sso/saml |
| Name | Notion |
| Description | SAML SSO integration with Notion |
| Always display in UI | ON |
- Scroll to Access settings section :
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs | https://www.notion.so/sso/saml/consume |
| IDP-Initiated SSO URL Name | <APP_NAME> (for example : notion) |
- SAML capabilities
| Field | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Force Artifact Binding | OFF |
| Include AuthnStatement | ON |
| Include OneTimeUse Condition | OFF |
| Optimize REDIRECT signing key lookup | OFF |
| Allow ECP flow | OFF |
- Signature and Encryption
| Field | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
| Encrypt Assertions | OFF |
| Encrypt NameID | OFF |
- Now change the tab to "Keys" and make sure that both parameters are switch to OFF.
- Finally go to the advanced tab :
- Assertion Consumer Service POST Binding URL = Valid redirect URIs = ACS URL: https://www.notion.so/sso/saml/consume
- Before moving back to Notion we need to adjust one additionnal parameter, go to the tab "Client scope"
- Select your client
- Click on configure a new mapper. we will need to add
- First Name
- Last Name
- Select for both "User attribute" and complete the different fields :
First name
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | firstName |
| User Attribute | firstName |
| Friendly Name | First Name |
| SAML Attribute Name | firstName |
| SAML Attribute NameFormat | Basic |
Last Name
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | lastName |
| User Attribute | lastName |
| Friendly Name | Last Name |
| SAML Attribute Name | lastName |
| SAML Attribute NameFormat | Basic |
Step 3 - Complete SAML Setup in Notion
- Go to Notion Settings, Identity (Business) or Organization Settings, SAML SSO (Enterprise).
- Click Enable SAML SSO to open the configuration dialog.
- Paste the IdP metadata URL or full XML from MPAS into the corresponding field.
- Review and configure:
- Login method
- Automatic account creation
- Linked workspaces
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...Kaseya One - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...UiPath - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Wrike - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Wrike using MPAS. SSO simplifies user authentication by allowing access to multiple ...