SSO Connection Guide
Overview
Section Coach (formerly "ProfAI") supports SAML 2.0-based SSO connections for enterprise clients. Once enabled, employees will access ProfAI using their company's existing identity solution.
To set up SSO, several exchanges of information are necessary. Please reach out to your Customer Success representative if you have questions or difficulty with the process below.
Setup Sequence
Step 1 — Client: Answer Preliminary SSO Questions
- Which IdP solution does your organization use?
  - Okta
  - Microsoft Entra ID (formerly AD / Azure)
  - Google Workspace
  - Other
- Which describes the work email addresses that will be used to access ProfAI?
  - Single top-level domain — all addresses end the same way (e.g. @corp.com, @department.corp.com)
  - Multiple top-level domains — addresses may end differently (e.g. @corp.com, @corp.com.eu, @other-corp-name.com)
- If you chose Multiple top-level domains, provide a list of the domains that should be accepted by ProfAI SSO.
Step 2 — Section: Provide Initial SSO Connection Details
Section will send you:
- Reply URL / Single sign-on URL / ACS URL
- Entity ID / Audience URI
Configure your IdP with the following attribute mappings:
| Attribute | Value |
|---|---|
| User ID | http://schemas.microsoft.com/identity/claims/objectidentifier |
| Email address | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| First name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| Last name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Step 3 — Client: Configure SSO and Return Metadata
Configure the SSO connection in your IdP, then send your XML metadata back to Section via URL or file attachment.
Step 4 — Section: Finalize SSO and Verify Login
Section will finalize the connection and communicate a testing approach. For completely new organizations, the testing approach is simple: Section enables the integration and a member of the organization verifies login. For organizations that have employees on the platform, test URLs can be provided for isolated testing.
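Before the login verification in Step 4, the Step 2 attribute mappings can be checked against a test assertion captured from your IdP. The script below is an added example, not Section's or Clerk's code. The function names, the sample assertion, and the rule that a subdomain of an accepted domain is accepted are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim URIs copied from the attribute-mapping table in Step 2.
REQUIRED_CLAIMS = {
    "User ID": "http://schemas.microsoft.com/identity/claims/objectidentifier",
    "Email address": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "First name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "Last name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}

def domain_accepted(email, accepted_domains):
    """Assumed rule: exact domain or a subdomain, matched on a dot boundary."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return False
    accepted = [d.lower().lstrip("@") for d in accepted_domains]
    return any(domain == d or domain.endswith("." + d) for d in accepted)

def check_assertion(xml_text, accepted_domains):
    # Pre-flight mapping check only: it does not verify the XML signature.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        values[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    problems = [f"missing or empty: {label}"
                for label, uri in REQUIRED_CLAIMS.items() if not values.get(uri)]
    email = values.get(REQUIRED_CLAIMS["Email address"], "")
    if email and not domain_accepted(email, accepted_domains):
        problems.append(f"email domain not accepted: {email}")
    return problems

def sample_assertion(email, first="Ada"):
    """Constructed sample: an unsigned AttributeStatement, not real IdP output."""
    vals = dict(zip(REQUIRED_CLAIMS.values(), ["0f1e-constructed", email, first, "Lovelace"]))
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in vals.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")
```

An empty list from check_assertion means all four claims are present and the email domain is on the accepted list. The dot-boundary match keeps a look-alike such as @evilcorp.com from passing as @corp.com.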
FAQs
How should members of my organization log in?
Section's authentication system will recognize the email domain(s) configured for your organization and route the user to SSO from any of the authentication links on the homepage: "Get Started" / "I already have an account" / "Did your company give you access?"
For simplicity, Section recommends directing employees to click the "Did your company give you access?" link.
What IdP does ProfAI use?
Clerk.
