document native SAML

ory · Dec 10, 2024 · f3a3d0c · f3a3d0c
1 parent 9921ff8
commit f3a3d0c
Showing 1 changed file with 31 additions and 12 deletions.
diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx
@@ -247,28 +247,47 @@ organization.
 ## SAML
 
 SAML (Security Assertion Markup Language) is an XML-based open standard used for exchanging authentication and authorization data
-between parties.  
-The SAML integration in Ory Network uses the B2B Organization feature.
+between parties. The SAML integration in Ory Network uses the B2B Organization feature.
 
-This guide will walk you through the steps required to set up SAML Single Sign-On (SSO) with Ory Network using BoxyHQ as your SAML
-provider.
+### SAML via Ory Network
 
-### Prerequisites
+This guide will walk you through the steps required to set up SAML Single Sign-On (SSO) with Ory Network.
 
-Before proceeding, ensure you have the following:
+#### Prerequisites
 
-- Access to [Ory Network](https://console.ory.sh/)
-- An active account with [BoxyHQ](https://app.eu.boxyhq.com/auth/join)
-- [Ory CLI](../../guides/cli/installation)
+Before proceeding, ensure you are on a plan that supports SAML SSO. SAML is available exclusively on select Enterprise plans.
+[Contact us](https://www.ory.sh/contact/) if you need SAML support.
+
+1. Go to <ConsoleLink route="project.authentication.organizations" /> to create an organization.
+2. Select "Add a new Enterprise SAML SSO connection" and follow the instructions to configure the SAML connection. Fill out the
+   following form fields:
+
+   - **Label**: A descriptive name for the SAML connection. This will be displayed to users.
+   - **Data mapping**: A mapping from the SAML attributes to Ory's identity schema.
+   - **Raw IDP metadata XML**: The XML metadata file from your SAML Identity Provider (IdP).
+
+3. Navigate to your login screen to test the SAML connection.
+
+The SAML application callback URL to set at our SAML Identity Provider is: `https://api.console.ory.sh/saml/api/oauth/saml`
+
+### SAML via BoxyHQ
 
 :::note
 
-If you need help with the integration or have any questions, please open a [support ticket](https://console.ory.sh/support) or
-reach out to support@ory.sh.
+Before Ory Network had native SAML support, BoxyHQ was the recommended way to set up SAML SSO. The integration is still supported,
+although we recommend using the native SAML support in Ory Network for new projects.
 
 :::
 
-### Configuration
+#### Prerequisites
+
+Before proceeding, ensure you have the following:
+
+- Access to [Ory Network](https://console.ory.sh/)
+- An active account with [BoxyHQ](https://app.eu.boxyhq.com/auth/join)
+- [Ory CLI](../../guides/cli/installation)
+
+#### Configuration
 
 To set up the integration, you'll need to get your Ory Network session token: