Synthesia

Under the Basic SAML configuration set the Entity ID and the Reply URL

- Entity ID: <code>urn:amazon:cognito:sp:eu-west-1_7hEawdalF</code>
- Reply URL: <code>https://studio.auth.synthesia.io/saml2/idpresponse</code>

Under the Attributes &amp; Claims section select edit and then edit the Unique User Identifier. Select transformation, select the ToLowercase function and then user.mail. You should see the transformation value is <code>ToLowercase( user.mail)</code>. Save.

Also under the Attributes &amp; Claims section select edit and then edit the email field to be an email in lowercase. Ensure the attribute is named <code>email</code> . Other variations such as <code>emailaddress</code> or <code>email_address</code> are not valid. On the configuration itself, ensure the namespace is empty. Then select transformation, select the ToLowercase function and then user.mail. You should see the transformation value is <code>ToLowercase( user.mail)</code>. Save.

Set the other attributes: <code>company</code>, <code>family_name</code>, <code>given_name</code>.

Reach out to <a href="mailto:support@synthesia.io" rel="nofollow noopener noreferrer" target="_blank">Synthesia support team</a> with the following details.

- Metadata URL: Made available by your identity provider once Synthesia has been configured as an application.
- Identifiers: These are the domain(s) that you wish to be associated with SAML SSO (for example: "example.com"). For these domains, all other methods of login will be disabled.

Once support processed the metadata file, a testing phase will be on. During that phase: On <a href="https://app.synthesia.io/" rel="nofollow noopener noreferrer" target="_blank">app.synthesia.io</a>

1. User will still be able to login with email and password
2. Login with SSO is not yet enabled

Follow the steps below to login with SSO:

1. Make sure you are logged out of Synthesia
2. Go to the unique URL provided by support
3. Log in your SSO provider with your professional email. (Note:that if you are already logged in your IdP, you should pass through this step automatically.)
4. Finally you should be logged in to Synthesia.

Once the tests are successful and users can log in using SSO, the last step is to enforce SSO. Once done, this means login with email and password will be disabled for everyone within your enterprise. To enforce SSO, reach out to the <a href="mailto:support@synthesia.io" rel="nofollow noopener noreferrer" target="_blank">Synthesia support team</a> including:

- A validation that the tests worked
- A list of domain names managed by your IdP (e.g. synthesia.io)

1. Under the Basic SAML configuration set the Entity ID and the Reply URL
 - Entity ID: <code>urn:amazon:cognito:sp:eu-west-1_7hEawdalF</code>
 - Reply URL: <code>https://studio.auth.synthesia.io/saml2/idpresponse</code>

2. Under the Attributes &amp; Claims section select edit and then edit the Unique User Identifier. Select transformation, select the ToLowercase function and then user.mail. You should see the transformation value is <code>ToLowercase( user.mail)</code>. Save. 

3. Also under the Attributes &amp; Claims section select edit and then edit the email field to be an email in lowercase. Ensure the attribute is named <code>email</code> . Other variations such as <code>emailaddress</code> or <code>email_address</code> are not valid. On the configuration itself, ensure the namespace is empty. Then select transformation, select the ToLowercase function and then user.mail. You should see the transformation value is <code>ToLowercase( user.mail)</code>. Save.

4. Set the other attributes: <code>company</code>, <code>family_name</code>, <code>given_name</code>.
5. Reach out to <a href="mailto:support@synthesia.io" rel="nofollow noopener noreferrer" target="_blank">Synthesia support team</a> with the following details.
 - Metadata URL: Made available by your identity provider once Synthesia has been configured as an application.
 - Identifiers: These are the domain(s) that you wish to be associated with SAML SSO (for example: "example.com"). For these domains, all other methods of login will be disabled.
6. Once support processed the metadata file, a testing phase will be on. During that phase: On <a href="https://app.synthesia.io/" rel="nofollow noopener noreferrer" target="_blank">app.synthesia.io</a>
 1. User will still be able to login with email and password
 2. Login with SSO is not yet enabled
7. Follow the steps below to login with SSO:
 1. Make sure you are logged out of Synthesia
 2. Go to the unique URL provided by support
 3. Log in your SSO provider with your professional email. (Note:that if you are already logged in your IdP, you should pass through this step automatically.)
 4. Finally you should be logged in to Synthesia.
8. Once the tests are successful and users can log in using SSO, the last step is to enforce SSO. Once done, this means login with email and password will be disabled for everyone within your enterprise. To enforce SSO, reach out to the <a href="mailto:support@synthesia.io" rel="nofollow noopener noreferrer" target="_blank">Synthesia support team</a> including:
 - A validation that the tests worked
 - A list of domain names managed by your IdP (e.g. synthesia.io)