role<\/code><\/td>No<\/td> The user\u2019s role in Refiner<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nThe role<\/code> attribute is optional. If no role is provided, new users will be assigned the Manager<\/code> role by default.<\/p>\n\n\n\nThe following role values are supported:<\/p>\n\n\n\n
\nadmin<\/code><\/li>\n\n\n\nmanager<\/code><\/li>\n\n\n\ncontributor<\/code><\/li>\n\n\n\nanalyst<\/code><\/li>\n<\/ul>\n\n\n\nStep 5: Check settings<\/h2>\n\n\n\nSigning of Responses and Assertions<\/h3>\n\n\n\n Refiner requires both SAML responses and assertions to be signed. Please make sure signing is enabled for both in your Identity Provider.<\/p>\n\n\n\n
NameId Format<\/h3>\n\n\n\n Refiner expects the NameID format to be set to:<\/p>\n\n\n\n
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\n<\/pre>\n\n\n\nThis means Refiner expects a stable, persistent user identifier.<\/p>\n\n\n\n
If your Identity Provider cannot use the persistent NameID format, Refiner can also support the email address NameID format:<\/p>\n\n\n\n
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\n<\/pre>\n\n\n\nPlease let us know if you need to use the email address NameID format instead.<\/p>\n\n\n\n
Step 6: Test authentication<\/h2>\n\n\n\n Once the setup is complete, log out of your Refiner account and go to the Refiner login screen.<\/p>\n\n\n
\n
Choose Sign in with SSO<\/strong> and enter your email address. You should be redirected to your Identity Provider, where you can authenticate with your organization credentials.<\/p>\n\n\n\nAfter successful authentication, you will be redirected back to Refiner and should be logged in automatically.<\/p>\n\n\n\n
We recommend testing the setup with one or two users before rolling it out to your entire organization.<\/p>\n\n\n\n
Step 7: Enforce SSO<\/h2>\n\n\n\n After you have confirmed that authentication via SSO is working correctly, let the Refiner team know.<\/p>\n\n\n\n
We will then enforce SSO as the required authentication method for your account. From that moment on, users will no longer be able to log in to Refiner with email and password. All authentication will happen through your Identity Provider.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Refiner supports authentication through SAML Single Sign-On. SAML SSO allows your organization to manage user access to Refiner through your Identity Provider, such as Okta, Microsoft Entra ID, Google Workspace, OneLogin, or another SAML-compatible provider. Setting up SAML SSO for Refiner is currently a manual process. It requires coordination between your Refiner account team and […]<\/p>\n
Read More…<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","template":"","knowledgebase_tag":[],"class_list":["post-28670","knowledgebase","type-knowledgebase","status-publish","hentry","knowledgebase_cat-authentication"],"acf":[],"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","ab-block-post-grid-landscape":"","ab-block-post-grid-square":"","gb-block-post-grid-landscape":"","gb-block-post-grid-square":""},"post_excerpt_stackable_v2":"Refiner supports authentication through SAML Single Sign-On. SAML SSO allows your organization to manage user access to Refiner through your Identity Provider, such as Okta, Microsoft Entra ID, Google Workspace, OneLogin, or another SAML-compatible provider. Setting up SAML SSO for Refiner is currently a manual process. It requires coordination between your Refiner account team and your organization\u2019s Identity Provider administrator. SAML SSO is included in Refiner Enterprise plans. For customers on Essentials and Growth plans, SAML SSO can be enabled for a one-time setup fee. Once SAML SSO is enabled, your organization can control which users have access to Refiner…<\/p>\n","category_list_v2":"","author_info_v2":{"name":"Moritz Dausinger","url":"https:\/\/refiner.io\/docs\/author\/user\/"},"comments_num_v2":"0 comments","yoast_head":"\n
Set up SAML SSO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Set up SAML SSO\" \/>\n<meta property=\"og:description\" content=\"Refiner supports authentication through SAML Single Sign-On. SAML SSO allows your organization to manage user access to Refiner through your Identity Provider, such as Okta, Microsoft Entra ID, Google Workspace, OneLogin, or another SAML-compatible provider. Setting up SAML SSO for Refiner is currently a manual process. It requires coordination between your Refiner account team and [...]Read More...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/\" \/>\n<meta property=\"og:site_name\" content=\"Refiner Documentation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-17T16:05:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37-1024x1013.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/\",\"url\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/\",\"name\":\"Set up SAML SSO\",\"isPartOf\":{\"@id\":\"https:\/\/refiner.io\/docs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37-1024x1013.png\",\"datePublished\":\"2026-06-17T15:47:34+00:00\",\"dateModified\":\"2026-06-17T16:05:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#primaryimage\",\"url\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37.png\",\"contentUrl\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37.png\",\"width\":1510,\"height\":1494},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/refiner.io\/docs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Set up SAML SSO\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/refiner.io\/docs\/#website\",\"url\":\"https:\/\/refiner.io\/docs\/\",\"name\":\"Refiner Documentation\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/refiner.io\/docs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/refiner.io\/docs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/refiner.io\/docs\/#organization\",\"name\":\"Refiner Documentation\",\"url\":\"https:\/\/refiner.io\/docs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png\",\"contentUrl\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png\",\"width\":400,\"height\":61,\"caption\":\"Refiner Documentation\"},\"image\":{\"@id\":\"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Set up SAML SSO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/","og_locale":"en_US","og_type":"article","og_title":"Set up SAML SSO","og_description":"Refiner supports authentication through SAML Single Sign-On. SAML SSO allows your organization to manage user access to Refiner through your Identity Provider, such as Okta, Microsoft Entra ID, Google Workspace, OneLogin, or another SAML-compatible provider. Setting up SAML SSO for Refiner is currently a manual process. It requires coordination between your Refiner account team and [...]Read More...","og_url":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/","og_site_name":"Refiner Documentation","article_modified_time":"2026-06-17T16:05:24+00:00","og_image":[{"url":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37-1024x1013.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/","url":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/","name":"Set up SAML SSO","isPartOf":{"@id":"https:\/\/refiner.io\/docs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#primaryimage"},"image":{"@id":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#primaryimage"},"thumbnailUrl":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37-1024x1013.png","datePublished":"2026-06-17T15:47:34+00:00","dateModified":"2026-06-17T16:05:24+00:00","breadcrumb":{"@id":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#primaryimage","url":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37.png","contentUrl":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37.png","width":1510,"height":1494},{"@type":"BreadcrumbList","@id":"https:\/\/refiner.io\/docs\/kb\/authentication\/set-up-saml-sso\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/refiner.io\/docs\/"},{"@type":"ListItem","position":2,"name":"Set up SAML SSO"}]},{"@type":"WebSite","@id":"https:\/\/refiner.io\/docs\/#website","url":"https:\/\/refiner.io\/docs\/","name":"Refiner Documentation","description":"","publisher":{"@id":"https:\/\/refiner.io\/docs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/refiner.io\/docs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/refiner.io\/docs\/#organization","name":"Refiner Documentation","url":"https:\/\/refiner.io\/docs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/","url":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png","contentUrl":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png","width":400,"height":61,"caption":"Refiner Documentation"},"image":{"@id":"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase\/28670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase"}],"about":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/types\/knowledgebase"}],"author":[{"embeddable":true,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/comments?post=28670"}],"version-history":[{"count":4,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase\/28670\/revisions"}],"predecessor-version":[{"id":28684,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase\/28670\/revisions\/28684"}],"wp:attachment":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/media?parent=28670"}],"wp:term":[{"taxonomy":"knowledgebase_tag","embeddable":true,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase_tag?post=28670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2026\/06\/Screenshot-2026-06-17-at-17.50.37-1024x1013.png\")
<\/figure><\/div>\n\n\n