This guide walks enterprise administrators through enabling SAML Single Sign-On (SSO) for secure, centralized user authentication in AI Studios.
Step 1: Set Up SSO in AI Studios Dashboard
Log in to your AI Studios account.
Click your profile image (top-right corner).
From the dropdown, click Settings.
In the left-hand menu, select SAML SSO.
Step 2: Configure Your Identity Provider (IdP)
Before connecting AI Studios to your IdP, create a SAML 2.0 Application in your IdP portal. AI Studios works with Okta and Microsoft Entra ID (formerly Azure AD).
How to set up SAML in Okta
How to set up SAML in Okta
Step 1: Create a New App Integration
Go to your Okta Admin Console and click Admin in the upper right.
Navigate to Applications > Applications.
Click Create App Integration.
Select SAML 2.0 and click Next.
Step 2: Configure the SAML Integration
Name the app AI Studios, then click Next.
Under SAML Settings, enter the values provided when you set up an SSO in AI Studios.
Single sign-on URL
Audience URL (SP Entity ID)
Set Name ID format to email.
Set Name ID to use the user’s email attribute.
Step 3: Finalize the App Setup
Select I’m an Okta customer adding an internal app.
Select This is an internal app that we have created.
Click Finish to complete the setup.
Step 4: Integrate the App with AI Studios
Go to the Sign On tab of the app.
Scroll down and click View SAML setup instructions.
Copy the following three parameters and paste them into the AI Studios platform:
Identity Provider Single Sign-On URL
Identity Provider Issuer (Entity ID)
X.509 Certificate
Step 5: Assign Additional Users to the App
Open the People tab under Directory.
Click on 'Add Person' button
Fill in the information, making sure the username matches the email address associated with the individual's login email in AI Studios
How to set up SAML in Microsoft Entra ID (formerly Azure AD)
How to set up SAML in Microsoft Entra ID (formerly Azure AD)
Step 1: Create a New Application
In the Microsoft Entra admin center, go to Microsoft Entra ID
Click Enterprise Applications
Select All Applications, then click + New Application
Choose Create your own application
Enter AI Studios as the app name and click Create
Step 2: Configure Single Sign-On (SAML)
After the app is created, go to Set up single sign-on
In the Basic SAML Configuration section, enter the following:
Identifier (Entity ID)
Reply URL (Assertion Consumer Service URL)
Click Save
Step 3: Assign Attributes and Claims
Click Edit in the Attributes and Claims section
Find the claim named Unique User Identifier (Name ID)
Change the Source attribute to
user.displaynameso that the NameID passed to AI Studios matches the user's email address format
Step 4: Copy SAML Configuration Parameters
In the Single sign-on section, scroll to the SAML Certificates and Set up AI Studios sections
Copy the following values:
Identity Provider Single Sign-On URL (Login URL)
Identity Provider Issuer (Microsoft Entra Identifier)
X.509 Certificate (Download the Certificate (Base64))
Open the SSO settings in the AI Studios platform
Paste the three values into their respective fields
Click Save to complete the integration
Step 5: Assign Users and Groups
Go to Users and groups under the app settings
Click + Add user/group
When adding a new user, set the Display Name to match the user’s AI Studios email address
SAML Settings to Use
Setting | Value |
Single Sign-On URL (ACS / Callback URL) | |
Audience URL (SP Entity ID) |
Required Claims (No Namespace!)
Include the following claims in your IdP's SAML configuration. All values should be lowercase and must not include a namespace.
Claim Name | Description | Notes |
| User's email address | Must be lowercase and named exactly |
⚠️ Claims like emailaddress or email_address will not be accepted. The name must be exactly email.
Step 3: Share Metadata with AI STUDIOS
You’ll be asked to enter the following:
Field | Description |
IdP SSO URL (Login URL) | The login endpoint from your IdP |
IdP Issuer (Entity ID) | Unique identifier for your IdP |
Certificate (X.509) | Your SAML signing certificate |
How to obtain these parameter values in Okta
How to obtain these parameter values in Okta
Go to Application > Applications and select the AI Studios app.
Go to the Sign On tab in the app's menu.
Scroll down and click View SAML setup instructions.
Copy the following three parameters and paste them into the AI Studios platform:
Identity Provider Single Sign-On URL
Identity Provider Issuer (Entity ID)
X.509 Certificate
How to obtain these parameter values in Microsoft Entra ID/Azure AD
How to obtain these parameter values in Microsoft Entra ID/Azure AD
Go to Enterprise applications > Enterprise Applications | All applications > AI Studios
In the Single sign-on section, scroll to the SAML Certificates and Set up AI Studios sections
Copy the following values:
Identity Provider Single Sign-On URL (Login URL)
Identity Provider Issuer (Microsoft Entra Identifier)
X.509 Certificate (Download the Certificate (Base64))
Open the SSO settings in the AI Studios platform and paste these values in their respective fields.
Once submitted, a unique SSO configuration link will be generated and bound to your account.
Step 4: Toggle SSO Activation
You’ll see a toggle button to activate or deactivate SSO.
On (Default):
Enables SSO login for both admins and team members
Off:
Only admins can log in with SSO
Team members cannot access the workspace