PixieBrix Docs
CommunityTemplates
  • Welcome to PixieBrix!
  • Quick Start
    • Productivity Enthusiasts
    • Mod Developer
    • Team Member
    • Enterprise Admin
  • Activating Mods
    • Linking Your PixieBrix Account
    • Using the Marketplace
      • Finding Mods
      • Activating From the Marketplace
    • Activating Your Assigned Mods
    • Updating Mods
    • Troubleshooting
  • Developing Mods
    • Building Your First Mod
    • Developer Concepts
      • Types of Mods
        • Context Menu Item
        • Button
          • Troubleshooting Buttons
        • Sidebar Panel
        • Trigger
          • Working with Custom Events
        • Quick Bar Action
        • AI Copilot
        • What Are URL Match Patterns?
      • Text Template Guide
        • Basic Text Templates
        • Transforming Data with Filters
        • Writing Conditional Statements
        • Template Examples
      • Using Bricks
        • Brick Input Data Types
        • Bricks for Scraping Data
          • Retrieving Attributes from Elements
        • Bricks for Interacting with the DOM
        • Bricks for AI
          • Passing Custom Data to an LLM
      • Data Context
        • Types of Variables
        • Using Mod Variables
        • Using Page State (Advanced)
        • Referencing Variables
      • User Input
        • Show a Modal or Sidebar Form
        • Prompt for Input
      • Working With APIs
        • API Providers
        • Encoding URL Parts
        • Selecting and Transforming API Results
      • Working with Markdown
      • Control Flow
        • Conditional Field on Bricks
        • Control Flow Bricks
          • When to Use Control Flow Bricks
          • Control Flow Brick Output
          • Raising Exceptions/Errors
          • FAQs
      • Transforming Data
        • Using JQ in PixieBrix
        • Using JavaScript in PixieBrix
      • Building Interfaces
        • Understanding the Preview Panel
        • Styling Elements
        • Adding Advanced Elements
        • Custom Themes/CSS
      • Advanced: Brick Runtime
    • Customizing Existing Mods
    • Sharing Mods
      • Packaging a Mod
      • Exposing Activation-Time Mod Options
      • Sharing a Mod With Your Team
      • Updating Published Mods
    • Troubleshooting
    • Mod Development Best Practices
    • Advanced: Workshop
  • Platform Overview
    • Page Editor
      • Open the Page Editor
      • Page Editor Components
        • Mod Listing Panel
        • Brick Actions Panel
        • Brick Configuration Panel
        • Data Panel
    • Admin Console
      • Campaigns
    • Extension Console
  • Managing Teams
    • Creating a Team
    • Inviting Members
    • Access Control
      • Roles
      • Groups
    • Managing Team Integrations
    • Assigning Mods
    • Billing
    • Advanced: Isolating Development, Test, and Production Environments
  • Deploying Mods
    • Deployment Keys
  • Integrations
    • Configuring Integrations
    • Integration Scenarios
    • Embed Web Apps via IFrames
    • Integrate with Desktop Apps via Custom URL Schemes
    • Airtable
    • Atlassian
    • Automation Anywhere
      • Configure Automation Anywhere Integration in PixieBrix
      • Embedding the Automation Co-Pilot
      • Running AA Bots via Control Room
      • Creating AARI Requests
      • Enhancing AARI Table Fields
      • Enhancing AARI Forms
      • AARI Extensions Enterprise IT Setup Guide
        • Point PixieBrix Extension to Staging AuthConfig App
      • Create a Control Room Certificate on Windows
    • Google Drive
      • Creating Google Drive Integration
      • Google Drive Bricks
      • Migrating from Google Sheet to Google Drive Integration
      • Reactivating Your Google Sheet Mods
      • Troubleshooting Google Integration Errors
      • Sheety: Sharing Google Sheets without Google Workspace
      • [LEGACY] Configure Google Sheets Integration
      • [LEGACY] Adding a Google Sheet to Mod Input
    • Guru
    • Hunter.io
    • HTTP Basic Authentication
    • Microsoft
      • Connect to Custom Azure Applications/APIs
      • Add a Power BI chart to the Sidebar
      • Microsoft Power Automate
      • Microsoft Office
        • Microsoft OneDrive / Files
        • Microsoft Excel
        • Microsoft Sharepoint
        • Microsoft Teams
        • FAQs & Troubleshooting
    • Notion
      • Public (OAuth2)
      • Internal (API Token)
    • OAuth2 Client Credentials
    • Ollama
    • OpenAI/ChatGPT
    • Pipedrive
    • Retool
      • Embed a Retool App
      • Trigger Retool Workflows
    • Robocorp Control Room Integration
    • Salesforce
    • SerpAPI
    • ServiceNow
    • Slack
    • Streamlit
    • Trello
      • Configure Trello integration
      • Find board and list IDs in Trello
    • UiPath
      • Running unattended bots via UiPath Cloud Orchestrator
      • Embed a UiPath App
      • Running local bots via UiPath Assistant
    • Val Town
    • Zapier
    • Zendesk
    • Advanced: Custom Integrations
  • Storing Data with Team Databases
  • Enterprise IT Setup
    • Authentication
      • Enabling Login with Microsoft
      • Enabling Login with Google
      • Setting Up SAML/SSO
    • Browser Extension Installation and Configuration
      • Browser Extension Installation Policy
        • Google Workspace Policy
        • Windows Group Policy/ADMX
        • Windows Registry
        • Citrix Profile Configuration
        • Advanced: Create a Windows Installer EXE
      • Browser Extension Configuration Policy
        • Extension Authentication Configuration
        • Microsoft Edge Mini Menu Configuration
        • Microphone and Audio Capture Configuration
        • Extension Logo Configuration
        • Managed Storage Schema
      • Browser Extension Security
    • Network/Email Firewall Configuration
    • Custom Branding and Themes
    • Security and Compliance
    • Performance
    • Version Control and Backups
    • Web Application Platform Configuration
    • Enterprise Troubleshooting
  • Developer API
    • Service Accounts
    • Making an API Request
    • Team Management APIs
    • Package Management APIs
    • Deployment APIs
    • Database APIs
    • Health Check APIs
    • OpenAPI Specification
    • Deprecated Resources
  • How To
    • Installing the PixieBrix Chrome Browser Extension
    • Changing the Quick Bar Shortcut
    • Pinning the Chrome Extension
    • Updating the Browser Extension
    • Installing a PixieBrix Pre-Release Build
    • Editing Pages with iFrames
    • Adding bricks to mods
    • Opening the PixieBrix Sidebar
    • Troubleshooting
      • Troubleshooting Bad API Requests
      • Troubleshooting Network Errors
      • Troubleshooting IndexedDB Errors
      • Troubleshooting Browser Extension Performance and Crashes
      • Troubleshooting extension corruption errors
  • Release Notes
    • ✅Release 2.3.0
    • ✅Release 2.2.10
    • 📜Release Notes Archive
      • ✅Release 2.2.9
      • ✅Release 2.2.8
      • ✅Release 2.2.7
      • ✅Release 2.2.6
      • ✅Release 2.2.5
      • ✅Release 2.2.4
      • ✅Release 2.2.3
      • ✅Release 2.2.2
      • ✅Release 2.2.1
      • ✅Release 2.2.0
      • ✅Release 2.1.7
      • ❌Release 2.1.6
      • ✅Release 2.1.5
      • ✅Release 2.1.4 (Hotfix)
      • ✅Release 2.1.3
      • ✅Release 2.1.2
      • ✅Release 2.1.1
      • ✅Release 2.1.0
      • ✅Release 2.0.7
      • ✅Release 2.0.6
      • ✅Release 2.0.5
      • ✅Release 2.0.4
      • ✅Release 2.0.3
      • ✅Release 2.0.2
      • ✅Release 2.0.1 (Hotfix)
      • ✅Release 2.0.0
      • PixieBrix Browser Extension 2.0.0 Migration Guide
      • ✅Release 1.8.14
      • ✅Release 1.8.13
      • ✅Release 1.8.12
      • ✅Release 1.8.11
      • ✅Release 1.8.10
      • ✅Release 1.8.9
      • ✅Release 1.8.8
      • ✅Release 1.8.7
      • ✅Release 1.8.6
      • ✅Release 1.8.5
      • ✅Release 1.8.4
      • ✅Release 1.8.3
      • ✅Release 1.8.2
      • ✅Release 1.8.1
      • ✅Release 1.8.0
      • ✅Release 1.7.41
      • ✅Release 1.7.40
      • ✅Release 1.7.39
      • ✅Release 1.7.38
      • 🚫Release 1.7.37
      • ✅Release 1.7.36
      • ✅Release 1.7.35
      • ✅Release 1.7.34
      • ✅Release 1.7.33
      • ✅Release 1.7.32
      • 🚫Release 1.7.31
      • ✅Release 1.7.30
      • ✅Release 1.7.29
      • ✅Release 1.7.28
      • ✅Release 1.7.27
      • ✅Release 1.7.26
      • ✅Release 1.7.25
      • ✅Release 1.7.24
      • ✅Release 1.7.23
      • ✅Release 1.7.22
      • ✅Release 1.7.21
      • ✅Release 1.7.20
      • ✅Release 1.7.19
      • ✅Release 1.7.18
      • ✅Release 1.7.17
      • ✅Release 1.7.16
      • ✅Release 1.7.15
      • ✅Release 1.7.14
      • ✅Release 1.7.13
      • ✅Release 1.7.12
      • ✅Release 1.7.11
      • ✅Release 1.7.10
      • ✅Release 1.7.9
      • ✅Release 1.7.8
      • ✅Release 1.7.7
      • ✅Release 1.7.6
      • 🚫Release 1.7.5
      • ✅Release 1.7.4
      • ✅Release 1.7.3
      • ✅Release 1.7.2
      • ✅Release 1.7.1
      • ✅Release 1.7.0
      • ✅Release 1.6.4
      • ✅Release 1.6.3
      • ✅Release 1.6.2
      • ✅Release 1.6.1
      • ✅Release 1.6.0
      • ✅Release 1.5.11
      • ✅Release 1.5.10
      • ✅Release 1.5.9
      • ✅Release 1.5.8
      • ✅Release 1.5.7
      • ✅Release 1.5.6
      • ✅Release 1.5.5
      • ✅Release 1.5.4
      • ✅Release 1.5.3
      • ✅Release 1.5.2
      • ✅Release 1.5.1
      • ✅Release 1.5.0
      • ✅Release 1.4.12
      • ✅Release 1.4.11
      • ✅Release 1.4.10
      • ✅Release 1.4.9
      • ✅Release 1.4.8
      • ✅Release 1.4.7
      • ✅Release 1.4.6
      • 🚫Release 1.4.5
      • ✅Release 1.4.4
      • 🚫Release 1.4.3
      • 🚫Release 1.4.2
      • ✅Release 1.4.1
      • ✅Release 1.4.0
      • 🚫Release 1.3.2
      • ✅Release 1.3.1
      • ✅Release 1.3.0
      • ✅Release 1.2.11
      • ✅Release 1.2.10
      • ✅Release 1.2.9
      • ✅Release 1.2.8
      • ✅Release 1.2.7
      • ✅Release 1.2.5
      • ✅Release 1.2.4
      • ✅Release 1.2.3
      • ✅Release 1.2.2
      • ✅Release 1.2.1
      • ✅Release 1.2.0
      • ✅Release 1.1.12
      • ✅Release 1.1.11
      • ✅Release 1.1.10
      • ✅Release 1.1.9
      • ✅Release 1.1.8
      • ✅Release: 1.1.7
      • ✅Release: 1.1.6
      • ✅Release: 1.1.5
      • ✅Release: 1.1.4
      • ✅Release: 1.1.3
      • ✅Release: 1.1.2
      • ✅Release: 1.1.1
      • ✅Release: 1.1.0
      • ✅Release: 1.0.3
      • ✅Release: 1.0.2
      • ✅Release: 1.0.1
      • ✅Release: 1.0.0
      • ✅Release: 0.2.2
      • ✅Release: 0.2.1
  • Tutorials
    • Developer Tutorials
      • Beginner
        • Search Yelp Reviews from OpenTable
        • Right-click Currency Conversion
        • Web Highlighter Tutorial
        • Trello Status Sidebar
        • Right-click Google Scholar Search
        • Google Dorking
        • Tweet a Link
        • Ask AI To Generate a LinkedIn Connection Request
        • How to Customize the AI Rate and Fix Mod
        • Right-click Translate Language
        • Basic Translation Tutorial
        • AI Bot Sidebar
        • Search and Highlight Words on a Page
      • Intermediate
        • Create a status nudge button in Github
Powered by GitBook
On this page
  • Step 1: Download the PixieBrix Service Provider (SP) Metadata
  • Step 2: Configure your Identity Provider (IDP)
  • Step 3: Send Identity Provider Configuration to the PixieBrix Support Team
  • Step 4: Test the SAML/SSO Connection
  • Recommended: Configure the PixieBrix Browser Extension Policy
  • Troubleshooting

Was this helpful?

  1. Enterprise IT Setup
  2. Authentication

Setting Up SAML/SSO

PreviousEnabling Login with GoogleNextBrowser Extension Installation and Configuration

Last updated 9 months ago

Was this helpful?

Step 1: Download the PixieBrix Service Provider (SP) Metadata

  1. Visit the SAML Service Provider (SP) Metadata link:

  2. Download to a file. In Step 2, you will upload the metadata file to your Identity Provider (IDP)

Step 2: Configure your Identity Provider (IDP)

The documentation uses as an IDP in the example below. However, the configuration should be similar for any vendor. Please feel free to contact if you have any questions/concerns.

Step 2a: Create a SAML App in your IDP

  1. Login to JumpCloud as an Administrator:

  2. Click “SSO” on the left side panel. Then click “Add New Application” > “Custom SAML App”

  3. “General Info” tab Display Name: PixieBrix

  4. “SSO” tab

    1. In another tab, navigate to and save the metadata to a file

    2. Upload Metadata: Then upload the metadata to JumpCloud. Uploading the metadata should populate the following fields:

      - Service Provider (SP) Entity ID - ACS URL

    3. IDP Entity ID:

      Note the IDP Entity ID

      If you do not already have an IDP Entity ID, contact

2b: Configure the Service Provider Attribute Name Mapping

User Attributes: PixieBrix requires certain attributes to provision a user from your IDP. You must map attributes from your IDP to the Service Provider attributes PixieBrix requires.

PixieBrix requires the following attributes:

Service Provider Attribute Name
Identity Provider Attribute

urn:oid:0.9.2342.19200300.100.1.1

Unique User Identifier (e.g., Username)

urn:oid:0.9.2342.19200300.100.1.3

Email

urn:oid:2.5.4.42

First Name / Given Name

urn:oid:2.5.4.4

Last Name / Surname / Family Name

Example: JumpCloud Configuration

Service Provider Attribute Name
JumpCloud Attribute Name

urn:oid:0.9.2342.19200300.100.1.1

username

urn:oid:0.9.2342.19200300.100.1.3

email

urn:oid:2.5.4.42

first Name

urn:oid:2.5.4.4

last Name

For example, once completed in JumpCloud, the “User Attributes” section should contain the following attribute name mapping:

Example: Microsoft Entra (formerly Azure AD)

Service Provider Attribute Name
Entra Attribute Name

urn:oid:0.9.2342.19200300.100.1.1

user.userprincipalname

urn:oid:0.9.2342.19200300.100.1.3

user.mail

urn:oid:2.5.4.42

user.givenname

urn:oid:2.5.4.4

user.surname

Example: Okta

2c: Assign Users in the Identity Provider to the SAML Application

Grant the users that should have access to log in with SAML.

For example: the screenshot below shows granting the PixieBrix Engineering group access to the SAML App in JumpCloud

Step 3: Send Identity Provider Configuration to the PixieBrix Support Team

  • IDP Entity ID

  • IDP URL (aka SSO URL)

  • IDP Public Certificate: You can download the public certificate from the IDP.

For example, in JumpCloud, you can download the certificate from the IDP Certificate Valid dropdown, and clicking "Download Certificate”:

Step 4: Test the SAML/SSO Connection

After providing the IDP information to the PixieBrix support team in Step 3, the PixieBrix team will provide a URL for the authentication flow.

The sign-in URL the support team provides will have the form: https://app.pixiebrix.com/login/saml/?idp=<label>,<orgId>

  • orgId: your tenant id in PixieBrix

  • label: a label to distinguish multiple IDPs for a single tenant

Recommended: Configure the PixieBrix Browser Extension Policy

You can configure your PixieBrix Browser Extension Policy (Google Workspace or GPO) to automatically authenticate with your configured IDP.

  1. Set the ssoUrl property for the managed browser extension settings. Read more information on IT-managed browser extension configuration in Browser Extension Configuration Policy

Property

Value

ssoUrl

Authentication flow URL. Will have the form: https://app.pixiebrix.com/login/saml/?idp=<label>,<orgId>

Troubleshooting

Users receive a error for the IDP: "Your administrator has configured the application PixieBrix to block users unless they are specifically granted ("assigned") access to the application"

This IDP error indicates that the user has not been assigned to the SAML application. Refer to Step 2c: Assign Users in the Identity Provider to the SAML Application

Users receive a server error from PixieBrix after logging into the Identity Provider

SAML defines for configuring Service Provider attributes. For example, urn:oid:0.9.2342.19200300.100.1.3 corresponds to the user’s email.

Completed User Attribute Mapping in JumpCloud

Refer to .

Refer to

PixieBrix needs certain data from the IDP to complete the integration. Please securely send the following information:

Downloading a public IDP certificate from Jump Cloud

Contact to receive the authentication flow URL

The server error upon IDP login indicates that the user attributes have not been mapped in the Identity Provider property. Refer to Step 2b: Configure the Service Provider Attribute Name Mapping The PixieBrix platform team is working to improve the error message. In the meantime, contact to receive the error details

Attribute Definitions
the Microsoft Entra Documentation for accessing the Attributes & Claims
Okta Help Article: Attribute Claims Mapping with Custom SAML Application
[email protected]
[email protected]
[email protected]
https://app.pixiebrix.com/api/saml/metadata/
JumpCloud
[email protected]
https://console.jumpcloud.com/login/admin
https://app.pixiebrix.com/api/saml/metadata/
[email protected]