Product Help and Support
What's newVideo tutorialsFAQsContact support
  • Product Guides
  • Clear Finance Cloud
    • 📢Release Notes - Clear Finance Cloud
    • GST Compliance
      • GSTR-1 Filing
      • GSTR-3B Filing
      • GSTR-6 Filing
      • GSTR-7 Filing
      • GSTR-8 Filing
      • ITC-04 Filing
      • GSTR-9 Filing
      • GSTR-9C Filing
      • GSTR-1 vs SR Recon
      • GSTR-2B vs PR Recon
      • Ewb vs G1 Recon
    • E-Invoicing
      • ClearE-Invoicing Video Tutorials
      • Authorising Clear to generate IRN
      • Get started with ClearE-Invoicing
        • Account Setup
          • Create an account
          • Register Defmacro as GSP
          • Set up Business Unit
          • Upload Documents
          • Generate IRN
        • Quick Start Guide
          • Add new members to account
          • Add additional GSTINs/Branches
          • Add NIC Credentials
          • Add UPI ID for B2C QR Code
      • E-Invoicing
        • Upload Data
          • User Guides
            • Upload E-Inv Data - Government Template
            • Upload E-Inv Data - Custom Template
          • FAQs
        • E-Invoice Generation
          • User Guides
          • FAQs
        • E-invoice Cancellation
          • User Guide
          • FAQs
        • E-Invoice Printing
          • User guides
          • FAQs
        • Downloading e-invoices
        • E-Invoice Email
        • Import History
        • E-Inv Vs Sales Reconciliation
        • B2C QR Code
          • FAQs
      • E-Way Bills
        • Eway bill data upload
          • User guides
            • IRN based Eway bill (B2B)
            • Unified template to generate E-way bill for any document type
        • E-Way Bill Generation
        • Multi-Vehicle E-way Bill
        • Consolidated E-Way Bill
        • Update Transporter of E-way bills
        • Printing an E-Way Bill
        • Extend the validity of an e-Way bill
        • Filter by Blank Transporter ID or Vehicle Number
      • Filtering expiring e-Way bills
      • Settings/Configurations
        • ClearIRP API credentials
          • How do I register my GSTIN on ClearIRP from Clear eInvoicing?
          • How do I create API creds if my GSTIN is already registered?
          • I have already created API credentials for my GSTIN, how do I add them?
          • FAQs
        • NIC Credentials
        • Integration Settings
        • E-Way Bill Settings
        • Import Settings
        • Email Settings
        • Business Settings
        • Contact Master
        • User Roles
        • Copy of User Roles
      • E-Invoice & E-way bill error resolution
      • Tally Connector for E-Invoicing
        • Installation
        • User Manual
      • Help
      • FAQs
      • What's new in ClearE-Invoicing
    • ClearID
  • For Enteprises
    • ClearGST
      • ClearGST Video Tutorials
      • Get started with ClearGST
        • Account Setup
          • Add new members to business
          • Install ClearTax Assistant
        • Quick Start Guide
          • Filing Dashboard
          • GSTIN Verification
          • Collect GSTIN of customers
          • Import Data
      • Generate Reports
        • Comparison Reports
          • GSTR-3B vs 1 Comparison Report
          • GSTR-3B Vs 2A Comparison Report
        • Purchase and 2A/2B/6A/4A Reports
          • Multi-month GSTR-2A Report
          • Multi-month GSTR-2B Report
          • GSTR-4A Report
          • Supplier Compliance Reports
        • Sales and G1
          • Rate wise Sales Summary Report
          • Sales HSN Summary Report
          • GSTR-1 Rate wise Summary Report
          • GSTR-1 HSN Summary Report
        • PAN Level Reports
          • PAN Level Multi-Month GSTR-2B Report
        • ITC Cash Ledger Reports
          • Cash Ledger Reports
          • ITC Ledger Reports
        • Tax Saving Reports
          • GSTR 3B vs 1 vs Books Report
          • GSTR 3B vs 2B vs Books Report
        • Filed Reports
      • Reconciliation
        • GSTR-1 vs Sales Register Matching
        • GSTR-2A Vs PR GSTIN Matching
        • GSTR-2A Vs PR PAN Matching
        • GSTR-2B Vs PR GSTIN Matching
        • GSTR-1 Vs E-Way Bill Matching
        • GSTR-9 (Table-8A) Vs PR Matching
      • File Returns
        • GSTR-1
        • GSTR-3B
        • GSTR-4
        • GSTR 6
        • GSTR-9
        • GSTR-9C
      • Tally Connector for GST
        • Prerequisites to Configure Tally for GST
        • Configuring Tally for GST
        • User Manual for GST Tally Connector
        • Common Tally Errors and Resolution
          • Connection issues with Tally
            • Firewall issues for Tally Connector
          • Errors in data imported via Tally
            • Mismatch in Total CGST Value
            • Mismatch in Reverse Charge
            • Mismatch in Export Type
            • Length of Import Bill of Entry Number
            • Invalid receiver GSTIN
            • Mismatch in Seller GSTIN and State
            • Invalid HSN/SAC Code
      • FAQs
        • Get started
        • Data Import
        • File Returns
        • Generate Reports
        • Reconciliation
      • What's new in ClearGST
    • ClearMax ITC
      • Get started with ClearMax ITC
      • Max ITC Reconciliation
        • Data Import
      • ITC Claim Wizard
      • Actions after running recon
      • Extra Functionalities
      • Vendor Payments
      • Table 4 changes
      • FAQs
    • ClearCapture
      • Get started with ClearCapture
        • Register Defmacro as GSP
        • Create an account
        • Add a Business Unit
        • Add GSTIN credentials
        • Add NIC credentials
        • Import invoices
        • Review invoices
        • Export invoices
        • Smart Aggregation
        • Export Issues
      • FAQ's
    • ClearTDS
      • TDS Returns
        • Prepare TDS Return
        • e-Filing TDS Returns
        • e-filing 24Q4 return
          • Form 24Q4 - Original return
          • Form 24Q4 - Correction return
        • Corrections to TDS Returns
      • Other Features
        • Filing Status Dashboard
        • Repository
        • Import and Track LDCs
        • Import Challans
        • ClearTDS Reports
        • Generate Form 16 and other TDS certificates
        • Settings
        • Retrieve Username Password in ClearTDS
        • LDC_Challan Tagging
      • 26AS Recon
        • Product Guide - 26AS Recon
    • ClearTax E-Invoicing KSA
      • Product Guides
        • Onboarding on ClearTax
        • Onboarding for E-Invoicing
        • Exploring the e-Invoicing homepage
        • Onboarding a new device (Online)
        • Onboarding a new offline device for PoS terminals
      • e-Invoicing with ClearTax on NCR-Aloha
        • Prerequisites for offline e-Invoice application
        • Create an account on ClearTax
        • Onboarding on web portal for e-Invoicing
        • Downloading and installing the offline e-Invoice application
        • Device registration on the PoS terminal
        • Generating e-Invoices and printing
      • Product Updates
      • ZATCA Updates
        • ZATCA Violations
        • ZATCA E-invoicing for Wave 2 customers announced
        • ZATCA Portal and APIs are going live
        • New SDK version update released by ZATCA
        • ZATCA Announces the Cancellation of Fines and Penalties
        • New SDK version update released by ZATCA
    • ClearTax E-Invoicing Malaysia
      • Onboarding
        • Create your profile
        • Register your business
      • B2B sales documents
        • Import your data
        • Generate e-invoice(s)
        • Generate consolidated e-invoice
        • Audit Trail
        • Delete imported data
        • Cancel an e-invoice
        • View rejection request
        • Print e-invoice(s)
        • Download report
        • E-mail invoice
        • Check sales import history
      • Purchase documents
        • Import data
        • Generate self-billed e-invoice(s)
        • Cancel a self-billed e-invoice
        • Print e-invoice(s) & download report
        • Check purchase import history
      • MIS Dashboard
      • Reconciliations
        • Reconciliation logic
        • Sales Register vs E-invoice Reconciliation
        • Purchase Register vs E-invoice Reconciliation
      • Settings
        • User access management
        • Custom Ingestion Template
        • Alerts and Communications
        • E-invoicing
          • Timezone
      • E-Invoicing customer portal
        • Registration & account creation
        • Generate your e-invoice
        • Download/Print generated e-invoice
      • Resources
        • Frequently asked questions (FAQs)
        • Error resolution guide
        • Add ClearTax as an intermediary on MyInvois portal
    • Clear Invoicing
    • Platform
      • SSO
    • Our APIs
  • For SMEs
    • ClearGST
      • ClearGST Video Tutorials
      • Get started with ClearGST
        • Account Setup
          • Add new members to business
          • Install ClearTax Assistant
          • Configuring Tally
        • Quick Start Guide
          • Filing Dashboard
          • GSTIN Verification
          • Collect GSTIN of customers
          • Import Data
      • Generate Reports
        • Comparison Reports
          • GSTR-3B vs 1 Comparison Report
          • GSTR-3B Vs 2A Comparison Report
        • Purchase and 2A/2B/6A/4A Reports
          • Multi-month GSTR-2A Report
          • Multi-month GSTR-2B Report
          • GSTR-4A Report
          • Supplier Compliance Reports
        • Sales and G1
          • Rate wise Sales Summary Report
          • Sales HSN Summary Report
          • GSTR-1 Rate wise Summary Report
          • GSTR-1 HSN Summary Report
        • PAN Level Reports
          • PAN Level Multi-Month GSTR-2B Report
        • ITC Cash Ledger Reports
          • Cash Ledger Reports
          • ITC Ledger Reports
        • Tax Saving Reports
          • GSTR 3B vs 1 vs Books Report
          • GSTR 3B vs 2B vs Books Report
        • Filed Reports
      • Reconciliation
        • GSTR-1 vs Sales Register Matching
        • GSTR-2A Vs PR GSTIN Matching
        • GSTR-2A Vs PR PAN Matching
        • GSTR-2B Vs PR GSTIN Matching
        • GSTR-1 Vs E-Way Bill Matching
        • GSTR-9 (Table-8A) Vs PR Matching
      • File Returns
        • GSTR-1
        • GSTR-3B
        • GSTR-4
        • GSTR-6
        • GSTR-9
        • GSTR-9C
      • FAQs
        • Get Started
        • File Returns
        • Generate Reports
        • Reconcilliation
      • What's new in ClearGST
    • ClearOne Suite
      • Get Started with ClearOne Suite
        • Account Setup
        • Quick Start Guide
          • Add Customers
          • Add Items
      • ClearInvoicing
      • ClearCompliance
        • ClearE-Invoicing
          • Create NIC Credentials
          • Add NIC Credentials
          • E-Invoice Generation
        • ClearE-WayBills
          • E-Way Bill Generation
      • FAQs
  • For Tax Experts
    • ClearPro Suite
      • ClearGST
        • ClearGST Video Tutorials
        • Get started with ClearGST
          • Account Setup
            • Add new clients
            • Add new members to Business
            • Install ClearTax Assistant
            • Configuring Tally
          • Quick Start Guide
            • Filing Dashboard
            • GSTIN Verification
            • Collect GSTIN of customers
            • Import Data
        • Generate Reports
          • Filed Reports
          • Tax Saving Reports
            • GSTR 3B vs 1 vs Books Report
            • GSTR 3B vs 2B vs Books Report
          • ITC Cash Ledger Reports
            • Cash Ledger Reports
            • ITC Ledger Reports
          • PAN Level Reports
            • PAN Level Multi-Month GSTR-2B Report
          • Sales and G1
            • Rate wise Sales Summary Report
            • Sales HSN Summary Report
            • GSTR-1 Rate wise Summary Report
            • GSTR-1 HSN Summary Report
          • Comparison Reports
            • GSTR-3B vs 1 Comparison Report
            • GSTR-3B Vs 2A Comparison Report
          • Purchase and 2A/2B/6A/4A Reports
            • Multi-month GSTR-2A Report
            • Multi-month GSTR-2B Report
            • GSTR-4A Report
            • Supplier Compliance Reports
        • Reconciliation
          • GSTR-1 vs Sales Register Matching
          • GSTR-2A Vs PR GSTIN Matching
          • GSTR-2A Vs PR PAN Matching
          • GSTR-2B Vs PR GSTIN Matching
          • GSTR-1 Vs E-Way Bill Matching
          • GSTR-9 (Table-8A) Vs PR Matching
        • File Returns
          • GSTR-1
          • GSTR-3B
          • GSTR-4
          • GSTR-6
          • GSTR-9
          • GSTR-9C
        • FAQs
          • Get Started
          • File Returns
          • Generate Reports
          • Reconcilliation
        • What's new in ClearGST
      • ClearTDS
        • Get started with ClearTDS
          • Retrieve Username Password in ClearTDS
        • TDS Returns
          • Prepare TDS Return
          • e-Filing TDS Returns
          • Corrections to TDS Returns
          • Revise TDS Returns
        • Generate Form 16 in ClearTDS
      • ClearTaxCloud
        • FAQs
      • ClearPro Desktop App
        • Import Data using Desktop App
        • File Returns on Desktop
          • GSTR-1 on Desktop App
          • GSTR-1 NIL Return on Desktop App
          • GSTR-3B on Desktop App
          • GSTR-3B Nil Return on Desktop app
          • GSTR-4 on Desktop App
          • GSTR-9 on Desktop App
          • GSTR-9C on Desktop App
        • Create a Challan and Pay Tax
  • For Individuals
    • File ITR
      • File ITR on ClearTax
      • FAQs
    • Invest and Save
      • FAQs
    • Expert Assistance
      • FAQs
  • Other Support Links
  • Video Tutorials
  • FAQs
  • ClearLearn
  • Contact support
Powered by GitBook
On this page
  • What is SAML
  • Key Components of SAML
  • Types of SAML
  • Onboarding to SAML
  • FAQ for Onboarding
  1. For Enteprises
  2. Platform

SSO

PreviousPlatformNextClearGST

Last updated 9 months ago

What is SAML

SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, specifically between an identity provider (IdP) and a service provider (SP). SAML is widely used for enabling single sign-on (SSO) capabilities across different applications and services.

Key Components of SAML

  1. Identity Provider (IdP): The entity that authenticates a user and issues authentication assertions. Examples include Okta, Google, Microsoft Azure AD, and others.

  2. Service Provider (SP): The entity that provides the service the user wants to access. It relies on the IdP to authenticate the user. Examples include various web applications and services. Clear for this use-case.

  3. EntityID: It is a unique identifier for a SAML entity (such as an Identity Provider or a Service Provider). It is an important part of the SAML metadata, serving as a way to uniquely identify and distinguish between different entities in a SSO deployment.

  4. ACS (Assertion Consumer Service)/ ReplyURL: Its is a specific endpoint on the Service Provider (SP) side that handles SAML assertions sent by the Identity Provider (IDP). The ACS URL is where the IDP sends the authentication response (SAML assertion) after a user successfully authenticates.

  5. Assertions: Statements about a user that include authentication, attribute, and authorization information. These assertions are formatted in XML and are transmitted between the IdP and the SP.

  6. IDP Metadata: (Identity Provider Metadata) is a structured XML document that contains configuration details about the Identity Provider (IdP). This metadata is crucial for establishing trust and communication between the Identity Provider and the Service Provider (SP) in a SAML-based Single Sign-On (SSO) setup.

Types of SAML

In the context of Single Sign-On (SSO), "Service Provider Initiated" (SP-initiated) and "Identity Provider Initiated" (IDP-initiated) are two different ways to start an authentication process. Here’s an explanation of each:

Service Provider Initiated (SP-initiated) SSO

  1. Process:

    1. User Action: The user first attempts to access a resource or service on the Service Provider (SP) side (e.g., a web application).

    2. Redirect: The SP detects that the user is not authenticated and redirects the user to the Identity Provider (IDP) for authentication.

    3. Authentication: The user authenticates at the IDP.

    4. Response: After successful authentication, the IDP sends a response (usually containing a SAML assertion or JWT) back to the SP.

    5. Access Granted: The SP processes the authentication response, creates a session for the user, and grants access to the requested resource.

  2. Flow:

    1. User → Service Provider → Identity Provider → Service Provider.

  3. Use Case: This flow is common when users try to access specific services or applications directly.

  4. Demo Video:

Identity Provider Initiated (IDP-initiated) SSO

  1. Process:

    1. User Action: The user starts the process at the IDP, often by logging into a central dashboard or portal provided by the IDP.

    2. Select Service: From the IDP interface, the user selects the desired Service Provider/application they want to access.

    3. Authentication: If not already authenticated, the user authenticates at the IDP.

    4. Response: The IDP sends an authentication response (usually containing a SAML assertion or JWT) directly to the SP.

    5. Access Granted: The SP processes the authentication response, creates a session for the user, and grants access to the requested resource.

  2. Flow:

    1. User → Identity Provider → Service Provider.

  3. Use Case: This flow is common when users have a central place (like a corporate login portal) where they start their work and access multiple applications.

  4. Demo Video:

Onboarding to SAML

ClearTax Support team should be reached out for the SAML setup.

This is a 3 step process:

  1. Client needs to share the list of allowed domains. (eg clear.in, gmail.com)

  2. ClearTax Support team will share the below resources required for setting up the SAML

    1. EntityId

    2. ACS / ReplyURL

    3. CT SignOn Page - *Required only in case of SP initiated.

    4. Relay State

  3. Using the above data, IDP metadata should be generated and shared back to ClearTax team.

We have a support for logout URL too.

  • IDP initiated - Client needs to provide logout URL of IDP.

  • SP initiated - User will be landed to SSO page. This will setup by ClearTax team on request.

FAQ for Onboarding

Q: Getting 404 on redirection from IDP

A: There can be couple of reasons for 404:

Verify IdP Metadata:

  • Double-check the IdP metadata XML file to ensure that the URLs for the SSO and SLO endpoints are correct.

  • Ensure that the Entity ID, SSO URL, and any other endpoints specified in the metadata are correct and match the actual configuration on the IdP

Review RelayState:

  • Make sure the relay state is configured properly in IDP settings. If it is not set, make sure to generate metadata again.

Q: Getting Authentication FailureA: Check the NameID Format:

  • Look for the setting related to the NameID format.

  • Ensure that the NameID format is set to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress or a similar format that specifies email addresses.

Read this document for more understanding -

Understanding SAML | Okta Developer
7MB
SP_Initiated_Login.mov
5MB
IDP_Initiated.mov