Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Set Up Your Identity Provider in Foundry

Learn how to configure your identity provider for single sign‑on

Before You Begin

Before setting up your identity provider, complete the Pre‑Implementation Checklist to gather the required information from your IT team.

Once you have the necessary identity provider details, you can enter them into your Foundry account.

Access Single Sign‑On Settings

  1. Log in to your organization’s Foundry account using the URL provided by your ComplyEQ representative
    • You must already have a user profile in Foundry
  2. In the left navigation, go to Settings and select Single sign‑on
    • If you do not see this option, the SSO integration has not been enabled for your account. Contact Support for assistance

Download Foundry SAML Metadata

  1. Locate ComplyEQ SAML Metadata
  2. Select View
  3. Either:
    • Download the full metadata file, or
    • Scroll within the modal to download the encryption certificate
  4. Close the modal before continuing

This metadata is shared with your identity provider to establish trust between systems.

Create a New Identity Provider

  1. Select New Identity Provider in the top‑right corner
  2. Enter a Display Name
    • This is the name learners see on the Foundry login page

Configure SSO Behavior Settings

Select the appropriate behavior for your organization:

  • Allow service provider‑initiated login

    • Enable this option if learners should be able to start SSO from Foundry

  • Log users out of this provider when logging out of Foundry

    • Enable this option if learners should also be logged out of the identity provider when they log out of Foundry

  • Suppress welcome email on first login via SSO

    • Enable this option if you do not want users created through SSO to receive an automated welcome email

Review Certificate and Signing Settings

  • ComplyEQ SAML Certificate

    • The most recent certificate is selected automatically

  • Signing Algorithm

    • SHA‑256 is the default and recommended option
    • SHA‑1 is available if required by your identity provider

Add a Technical Contact

In the Technical Contact section, enter a name, phone number, and/or email address.

This contact information:

  • Appears to learners if they encounter an SSO error
  • May be used by ComplyEQ to send notifications about SSO‑related issues, such as certificate expiration

Enter Identity Provider Metadata

In the SSO Metadata section, choose one of the following methods:

  • Use a URL

    • Enter the SAML metadata URL from your identity provider

  • Upload XML Data

    • Upload your identity provider’s SAML metadata file

  • Enter Parameters Manually

    • Use the information collected in the Pre‑Implementation Checklist, including:
      • Identity provider entity ID
      • SSO login URL
      • Single logout (SLO) URL, if supported
      • Identity provider certificate details (fingerprint or full certificate text)

Optional: Enable User Provisioning

If you want users to be created automatically when they sign in via SSO, enable Just‑In‑Time (JIT) User Provisioning.

This step is optional and should be used only if it aligns with your user management strategy.

For more, see: Set Up Just‑In‑Time User Provisioning

Save Your Configuration

Select Save to complete your identity provider setup.

Once saved, your SSO configuration is active and ready for testing.