Required Settings for SSO

Your SSO Provider Administrator must configure the following settings before integrating with MVP One:

Provider Endpoint URL – The Login URL from your company’s SAML Identity Provider
Issuer ID (Entity ID) – The Identifier from your company’s SAML Identity Provider

• Example: Azure SAML Identity Provider Issuer IDs start with "api://"
  • ‍Username Claim Assertion Attribute – Defines how usernames are mapped to MVP One
• Example: In Azure, MVP One maps email addresses to user.mail
• This must be set by your SSO Provider Administrator
  • Assertion Consumer Service (ACS) URL – Provide this URL to your SAML Administrator
  • Certificate – If required, upload the Base64 certificate from your SAML Identity Provider
• If setup fails, try re-uploading and saving the certificate

How to Enable SSO in MVP One

1. Confirm Provider Settings – Ensure SAML or OAuth settings are correctly configured.
2. ‍Contact MVP One Support – If OAuth is needed, request activation.
3. ‍Test Authentication – Attempt an SSO login and verify user access.
4. ‍Re-upload Certificate (if needed) – If login fails, upload the certificate again.

Best Practices

• Ensure accurate username mapping – Username must match the format set in MVP One.
• ‍Check case sensitivity – Most providers are not case-sensitive, but some may be.
• ‍Verify authentication bindings – MVP One supports HTTP-GET and HTTP-POST for SAML 2.0 ACS.
• ‍Outbound assertion is required – Your provider must send authentication assertions to MVP One.

Still having issues? Contact MVP One Technical Support via Live Chat or support@mvpone.com.