Configuring Single Sign On

Setting up Single Sign On (SSO) for Mapiq is very easy. There are only a few steps that we take together to get things up and running. Let’s get started.

What is Single Sign On?

By using Single Sign On (SSO), employees of your organization will experience a seamless authentication experience. Some advantages of SSO are: 

  • User information is exchanged from your Active Directory with Mapiq as part of the Single Sign On process and it is therefore not required for users to enter information manually. 
  • Users authenticate using their company credentials and it is therefore not required for them to remember additional passwords
  • Since authentication is done on your Identity Provider you will remain in full control of who has access to the application and who does not

What Single Sign On protocols does Mapiq support?

Mapiq supports Single Sign On using the SAML2.0 or the OpenId Connect protocol.

Some of Mapiq's features require more user information than just the basic information (name / email). Mapiq therefore recommends the use of the SAML2.0 protocol as additional claims can be easily configured with this protocol.

Account provisioning

The Mapiq applications utilize the Just In Time (JIT) principle for Single Sign On meaning that users are created in the application's backend the moment the user logs-in for the first time. Users can be removed from your environment by deleting them in the administrator portal and revoking access within your Identity Provider.

Mapiq does not support SCIM (System for Cross-domain Identity Management) or other identity frameworks/integrations, although this is something which is being looked in to for future development.


Mapiq offers multiple applications utilizing SSO. These applications are served via two authentication services: test and production. 

  • Test:
    The test application is configured prior to the production application such that the configuration can be tested without affecting the production database. Additionally, the test application gives instant feedback via the user interface on the configuration.
  • Production: and
    The production application consists of two portals: shifts for the regular employee, and admin for administrators. Although these have separate URLs they share the same SSO configuration.


On average it takes 10 working days, from the moment of sharing a complete onboarding form with Mapiq (step 2), to realize the Single Sign On configuration
Step 1-2To configure Single Sign On within your Identity Provider using the values provided by Mapiq (in step 1, see below) and return the completed onboarding form to your Mapiq contact.

Step 3-5To test and validate the configuration prior to go-live

Step 6To enjoy Mapiq with Single Sign On 

Click here for troubleshooting

Step 1: Register the test and production applications in your IdP

SAML2.0 OpenId Connect

Please configure both applications with the following information

Metadata URL, Entity Id and Assertion Consumer Service (ACS):




SignatureSigning required
AssertionSigning required

Required feature: user profile

More information: Please see Mapiq's privacy policy

Requirements: all claims should be configured

AD propertyDescriptionExpected claim namespaceExpected claim name
Unique user idA claim value unique to the user. 
  • e.g. email address, employee id, or the object id from the AD
  • Please ensure that this claim is part of the <AttributeStatement> of the SAML response as Mapiq will not extract this value from the subject
First nameThe user's first name (e.g. 'Jane')
Last nameThe user's last name (e.g. 'Doe')
Display nameThe user's full name (e.g. 'Jane Doe')
Email addressThe user's email address emailaddress

Optional feature: automatic profile assignment

More information: Please see the support article on automatic profile assignment

Requirements: at least one claim should be configured

Business unitThe business unit the user is part of (e.g. 'company logistics')
CountryThe country in which the user is based (e.g. 'NL', or 'The Netherlands')
DepartmentThe department the user is part of (e.g. 'finance', or 'IT support')
OfficeThe office where the user works (e.g. 'Amsterdam', or 'London')
Job titleThe user's job title (e.g. 'senior manager', or 'trainee')

Optional feature: Mapiq API

More information: Please see the support article on Mapiq's API

Requirements: the configuration of this claim is optional

External IdFor more information, please see the article on the Mapiq API

Optional feature: multiple environments

More information: Please see the support article on multiple environments 

Requirements: at least one claim should be configured

CountryThe country in which the user is based (e.g. 'NL', or 'The Netherlands')
OfficeThe office where the user works (e.g. 'Amsterdam', or 'London')
Subscription Key

For more information, please see the article on multiple environments

Step 2: Complete and share the SSO onboarding form

Download the SSO Onboarding form at the bottom of this page and share it with your contact at Mapiq

Step 3: Test the configuration (wait for GO from Mapiq)

Please follow the instructions in the article on Testing your SSO integration

Step 4: Validate your production configuration

Please validate that the configuration of your production application matches that of your test application.

Step 5: Test the configuration on the production environment (wait for GO from Mapiq)

Once SSO for the production environment has been configured by Mapiq you should be able to login at

Step 6: Start using the application

Go to for the user application and for the administrator portal


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.