Skip to Content

Using SAML for single-sign-on

TwentyThree supports Secure Assertion Markup Language (SAML) 2.0, which allows you to provide single sign-on using Active Directory and LDAP. Single sign-on (SSO) allows you to authenticate users via the corporate system they are already using. For internal- and security purposes, this is a nice way of allowing users to access TwentyThree without separate login credentials. Visit the API documentation on SSO to learn more about it.

The user logs in via the corporate system, clicks a link to access TwentyThree and is automatically logged in—without having to log in through the TwentyThree portal.

All user data and authentication processes are handled externally outside of TwentyThree servers, but changes made will be synced back to TwentyThree – such as adding or deleting a user.

Setting up Active Directory using SAML 2.0

The following steps comply when setting up the Active Directory using SAML 2.0: 

  1. You import the following Active Directory URL:
  2. You send the corresponding metadata certificate back to us at We will then make sure it is running simply by activating your certificates and setting up a test environment. 
  3. We will ask you to test the login process where you'll be exposed with a success page. 
  4. We will then approve the login process on our servers and you are good to go.

Active Directory integration using SAML 2.0 is available for all TwentyThree Enterprise customers and can be implemented by contacting us. Please contact our Support at if you have any questions.