Setting up Single Sign On using SAML 2

This article explains how to set up your SAML 2 Identity Provider to authenticate your users to Digital Theatre+.

Digital Theatre+ supports Single Sign On using a SAML 2 Identity Provider, allowing your users to sign in using your existing Identity solution.

We have created guides for popular Identity solutions; you can find links to these towards the bottom of this article.

Please use the form at https://sso.digitaltheatreplus.com when you're ready to submit your Single Sign-On configuration request.

Step 1 - Configure a new SAML application in your identity solution

You will need to set up a new SAML 2 application in your Identity solution.

  • The Audience URI for your application will be: https://auth.digitaltheatreplus.com

Your application will need to be configured to assert the following information:

    1. Subject Name ID
    2. Email address (if different from Subject Name ID)

By default our service provider requires the following attributes. If your Identity Provider has a different configuration, please let our support team know by replying to the support email thread or, if you have not started the process, by opening a new request.

<!-- Skeleton of the assertion elements our service provider requires; other elements are omitted -->
<saml2:Assertion>
  <saml2:Subject>
    <saml2:NameID />
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email" />
  </saml2:AttributeStatement>
</saml2:Assertion>

I need the ACS URL and Audience URI first!

Some Identity solutions require the service provider metadata, that is the Assertion Consumer Service URL (ACS URL) and the Audience URI, before the SAML application can be set up.

If this is the case, or you require the metadata.xml file for importing, please let our support team know, and they will provide this information to you.

Step 2 - Provide configuration information to Digital Theatre+

You will need to provide the following information:

  1. Issuer URI of the Identity Provider. This value is usually the SAML Metadata EntityID of the IdP EntityDescriptor.
  2. IdP Single Sign-On URL. The binding-specific IdP Authentication Request Protocol endpoint that receives SAML AuthnRequest messages.
  3. IdP Signature Certificate. The PEM or DER encoded public key certificate of the Identity Provider, used to verify SAML message and assertion signatures.
  4. Email domain(s). The email domains used by the users who authenticate via your Identity Provider.
  5. Any changes required to the default attribute mapping.

Send this information to our support team via https://sso.digitaltheatreplus.com.

Step 3 - Digital Theatre+ provides metadata information

You will need to update your SAML application configuration with the following information, which will be supplied by our support team:

  • Assertion Consumer Service URL: https://auth.digitaltheatreplus.com/sso/saml2/<unique-id-per-customer>
  • Audience URI: https://auth.digitaltheatreplus.com

Step 4 - Test that you can sign in using your new SAML 2 application configuration

  1. Go to https://edu.digitaltheatreplus.com
  2. Click 'Sign in'
  3. Enter your email address
  4. Click 'Next'
  5. You will be redirected to your Single Sign On Identity Provider
  6. Enter your credentials and authenticate
  7. You will be redirected to https://edu.digitaltheatreplus.com and will be signed in

Creating a SAML Deeplink or WAYFless URL

Please refer to our "Signing in with SAML 2 SSO" guide for information on creating a SAML Deeplink or WAYFless URL.

Set up guides for Identity solutions

Further assistance