guides
Managing SAML SSO access to MailSlurp organizations
Setup team enterprise access using identity providers such as AD, Okta, OneLogin and more. Secure email account sharing with MFA.
MailSlurp enterprise accounts support login and user management using an identity provider such as Azure, Active Directory, OneLogin, Auth0, Okta etc. to manage team shared email inboxes.
- See the SSO step-by-step guide for configuration setup
- See the Okta SAML guide for Idp setup
Single sign on features
SSO login allows company administrators to manage user access to MailSlurp from an in-house identity provider. MailSlurp enterprise plans allow SAML Service Provider integration with common IdPs. Connect your company workforce with MailSlurp and provision role based accounts.
SAML setup overview
- Upgrade your account to an enterprise plan to enable the SAML single sign on feature.
- Create an organization inside the MailSlurp dashboard.
- Configure an identity provider service such as Okta or ActiveDirectory.
- Add a new SAML 2.0 application connection for MailSlurp in your identity provider and obtain the following:
- Issuer
- Entrypoint URL
- X509 Public Certificate
- Inside MailSlurp application create new SAML Settings for your organization. Add the issuer, entrypoint, and x509 certificate to your MailSlurp organization. Optionally add Authncontext for active directory.
- On your identity provider add users to MailSlurp integration. Do not invite users via the invite page on the MailSlurp organization dashboard - use your IdP to manage users.
- Direct users to their SAML login page hosted at
https://enterprise.mailslurp.com/login?slug=your-organization-slugor the link shown on your organization admin page in the MailSlurp dashboard. - See the setup guide for more information
User access and management
- As the administrator use the standard MailSlurp email link login system to login to the admin.
- As an organization user login using your identity provider or at the enterprise login page at https://enterprise.mailslurp.com.
- For role-based access, configure a SAML default role or map SAML claim values to MailSlurp roles. Microsoft Entra app roles, Entra group IDs, Okta groups, and custom SAML attributes can all be used when your identity provider includes those values in the assertion.
Mapping identity provider roles
MailSlurp role mappings match exact SAML claim names and values. For Microsoft Entra, common choices are the app-role claim http://schemas.microsoft.com/ws/2008/06/identity/claims/role and the groups claim http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
Use these mappings to keep access controlled from your identity provider. For example, assign a user to an Entra app role for a test environment, then map that app-role value to a MailSlurp organization role with only the permissions required for that environment. If no mapping matches for a new SAML user, MailSlurp can apply the organization's SAML default role.
Resource management and billing
Organization user resources and tracked against the administrators account. All non-admin user resources are shared across the organization.