Single Sign-On Settings

Note: We only support IdP initiated SSO, so CloudTest and/or mPulse will not send any AuthN requests to the IdP. Therefore, CloudTest/mPulse is not required to send a certificate. All SAML assertions are validated against the certificate uploaded by the user during the setup process (step 3 below, if using the metadata discovery endpoint).

To configure SSO:

How to

  1. Log into your CloudTest or mPulse instance and click Company Settings in the left navigation panel. In order to access Company Settings, you must be a tenant admin.
  2. Under Single Sign-On Settings, select the Enable single sign-on checkbox.
    Note: Once you enable Single Sign-On, you cannot log in with old credentials. Contact Akamai Support if you are locked out of your tenant.

  3. Get the Metadata Discovery Endpoint from your IT department (or the customer for CloudTest admins), enter it in the IdP Metadata URL, and then click Fetch. The Issuer Entity ID will populate, and the Certificate now states Re-upload Certificate.
  4. Get the IdP-initiated login URL from your IT department (or the customer for admins). Enter it in the IdP Initiated URL text field in CloudTest or mPulse. Enter the Issuer Entity ID (or host name of IdP server).
    For example, the entityID may be found in your IdP's metadata XML.
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="" entityID="" validUntil="2026-07-22T22:03:58.707Z">
  5. Enter the SAML ACS. This value will be given to your IT department by a CloudTest admin. This value will always be the hostname of the CloudTest/mPulse environment followed by concerto/services/saml/v2/doLogin
    If you are integrating with the mPulse environment, the full SAML ACS URL will be:
  6. Enter the Targeted SAML ID. This value is IdP specific, and must be shared with a CloudTest admin (via documentation or the customer's IT department).
    Note: SAML User ID type is the username, and SAML User ID location is the element in the element
    When we receive a SAML assertion, we must know what SAML AttributeStatement to look for when identifying a user. In the example below, the user is "mrtest." In order for SSO to work, the targeted username should be set to "userName," not "mrtest." (This is not universal: the targeted SAML ID could be the values "email", "id", etc. When in doubt, consult your IdP documentation.)
    <saml:AttributeStatement> <saml:Attribute Name="userName"> <NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">mrtest</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement>
  7. The system will not allow you to proceed if you don't set a Certificate, an Issuer Entity ID, and a Targeted SAML ID.
  8. Click Apply and leave company settings, and then return. The changes you entered should persist.
  9. To test your changes, log out of your current session, enter your username in the Login page, and then click Enter. Do not enter your password.