How to Configure Custom SSO with Kula

Last updated: June 23, 2025

Article for Okta SSO - Click here
Article for Jumpcloud - Click here
Article for Google SSO - Click here

Kula supports integration with your organization's identity provider (IdP) to enable Single Sign-On (SSO) using SAML 2.0. This ensures a secure and seamless login experience for your team.

Prerequisites

Before setting up Custom SSO, ensure the following:

  • You are an Organization Admin in Kula.

  • You have access to your Identity Provider's admin console (e.g., Okta, Azure AD, Google Workspace, etc.).

  • You have the required metadata/configuration details like SSO URL, Entity ID, X.509 Certificate, or Client ID/Secret for OIDC.

Step-by-Step Setup:

Step 1: Navigate to SSO Settings

  1. Log in to your Kula account.

  2. Go to SettingsSecurity.

  3. Select the Single Sign-On (SSO) tab.

Step 2: Choose SSO Type

  • Select SAML 2.0 on your IdP.

Step 3: Input SSO Configuration Details

🛡 For SAML 2.0:

You’ll need to fill in the following fields:

Screenshot 2025-06-02 at 11.04.12.png

  • Identity Provider SSO URL

  • Entity ID / Issuer

  • X.509 Certificate

  • Optional: NameID Format, Attributes Mapping (email, first name, last name)

Step 4: Save & Test Connection

  1. Click Save after entering all required fields.

  2. Use the Test Connection button to validate your setup.

  3. Once validated, toggle Enable SSO.

📝 Note: After enabling SSO, only users from your domain will be able to log in via the configured provider.

👥 User Access Control

  • Admins can enforce SSO for all users.

  • You can also allow both SSO and password-based login (not recommended for production environments).

🔧 Troubleshooting Tips

  • Double-check the certificate format (ensure it includes -----BEGIN CERTIFICATE-----).

  • Ensure the Entity ID matches exactly as configured in your IdP.

  • Verify that your Kula domain is authorized in your IdP settings.

FAQs – Custom SSO Configuration in Kula

  • Q: Does Kula support SSO?
    A: Yes, Kula supports both SAML 2.0 and OIDC-based SSO.

  • Q: Who can configure SSO in Kula?
    A: Only Org Admins have access to configure and manage SSO.

  • Q: Where do I find SSO settings in Kula?
    A: Go to Settings → Security → Single Sign-On.

  • Q: What details are required for SAML setup?
    A: You'll need the IdP SSO URL, Entity ID, and X.509 certificate.

  • Q: What details are needed for OIDC setup?
    A: You'll need the Client ID, Client Secret, and Issuer URL.

  • Q: Can I test the SSO setup before enabling?
    A: Yes, Kula allows testing before enforcing it org-wide.

  • Q: What happens after SSO is enabled?
    A: Users will be redirected to your IdP for login.

  • Q: Can I make SSO mandatory for all users?
    A: Yes, you can enforce SSO login across the organization.

  • Q: What format should the certificate be in?
    A: It must be in PEM format with proper header and footer.

  • Q: What causes entity ID or issuer mismatch errors?
    A: Usually due to formatting issues or incorrect values.

  • Q: What should I do if I face issues with setup?
    A: Reach out to the Kula support team via chat or email.