SAML connections
Before you start
You must configure your application instance through the Clerk Dashboard for the SAML connection(s) that you want to use. Visit the appropriate SAML guide for your platform to learn how to configure your instance.
Create the sign-up and sign-in flow
When using SAML, the sign-in and sign-up are equivalent. A successful SAML flow consists of the following steps:
- Start the SAML flow by calling
SignIn.authenticateWithRedirect(params)
orSignUp.authenticateWithRedirect(params)
. Note that both of these methods require aredirectUrl
param, which is the URL that the browser will be redirected to once the user authenticates with the OAuth provider. - Create a route at the URL that the
redirectUrl
param points to. It's recommended to name this route/sso-callback
. This route should either call theClerk.handleRedirectCallback()
method or render the prebuilt<AuthenticateWithRedirectCallback/>
component.
The following example shows two files:
- The sign-in page where the user can start the SAML flow.
- The SSO callback page where the SAML flow is completed.
SAML account transfer flows
In some cases, a user may be trying to sign in with a SAML account, but they don't have an account in your application yet. Or a user may be trying to sign up with a SAML account, but they already have an account in your application. In these cases, Clerk provides "account transfers" which allow you to forward the user's information to the appropriate flow.
The following example shows how to handle these cases in your sign-in flow. The same logic can be applied to the sign-up flow; simply change the signIn.AuthenticateWithRedirect()
to signUp.authenticateWithRedirect()
.