Sign On Mode


You can now configure sign on modes for FOIAXpress directly from the Administration folder. Navigate to FOIAXpress Administration, then System Administration > Sign On Mode.

The Sign On Mode page allows you to configure how you authenticate to FOIAXpress. When enabled, SAML-based Single Sign-On (SSO) lets you sign in using your organization’s identity provider instead of a separate FOIAXpress account. This configuration typically requires coordination with your IT or identity management team.

Select SAML from the Sign On Mode drop-down menu.

When you choose SAML SSO, you must enter details for both the Service Provider (FOIAXpress) and Identity Provider (your organization’s authentication system).

SAML SSO Configuration

Service Provider Settings

These settings define how FOIAXpress presents itself to your identity provider. Fill in these fields with the help of your IT Administrator.

| Field | Description |
|---|---|
| Issuer | The FOIAXpress login URL that your identity provider uses to identify the application. |
| Assertion Service URL | The location where your identity provider sends SAML responses after authentication. |
| Signature Certificate | The certificate FOIAXpress uses to sign outgoing SAML requests to your identity provider. You can upload a certificate and optionally enter a certificate password. |
| Encryption Certificate | If your identity provider requires encrypted assertions, upload an encryption certificate and password. |
| Certificate Serial Number and Certificate Thumbprint | These values are used to validate the certificates exchanged between systems. |

NOTE: Expiration dates display after you save changes. If a certificate cannot be read or has expired, you must upload a valid one before SSO can function. Admin users receive an automated email notification 30 days before certificate expiration.

Identity Provider Settings

These settings allow FOIAXpress to trust and interpret authentication responses from your identity provider. Fill in these fields with the help of your IT Administrator.

| Field | Description |
|---|---|
| IDP Entity ID / Issuer URL | The unique identifier for your identity provider. |
| SAML SSO URL | The endpoint FOIAXpress redirects you to for signing in. |
| SAML SSO URL Binding Type | Determines how messages are transmitted (for example, HTTP POST). |
| SAML SLO URL / SAML SLO URL Binding Type | Used if single logout is configured by your organization. |
| Name ID Format | Specifies the identifier format sent by your identity provider. |
| Authentication Context / Authentication Context Comparison | Allows you to specify required authentication strength if your organization requires it. |
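Most identity providers publish these values in a SAML 2.0 metadata document. The following added example (not part of the FOIAXpress documentation or product) reads such a document and returns the values for the fields above, so they can be copied rather than retyped. The function name `idp_settings`, the host `idp.example.org` and the sample metadata are constructed for illustration, and the thumbprint is assumed to follow the Windows convention of SHA-1 over the DER-encoded certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample: idp.example.org is hypothetical and the certificate
# body is placeholder bytes, not a real certificate.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder certificate bytes").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{B}HTTP-Redirect" Location="https://idp.example.org/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{B}HTTP-POST" Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_settings(metadata_xml):
    """Map IdP metadata, received over a trusted channel, to the page's fields."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = idp.find("md:SingleSignOnService", NS)  # first listed endpoint
    slo = idp.find("md:SingleLogoutService", NS)  # optional
    # A KeyDescriptor without a 'use' attribute is valid for signing as well.
    certs = [k.findtext(".//ds:X509Certificate", "", NS)
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    if sso is None or not certs or not certs[0].strip():
        raise ValueError("metadata lacks an SSO endpoint or a signing certificate")
    der = base64.b64decode("".join(certs[0].split()))
    return {
        "IDP Entity ID / Issuer URL": root.get("entityID"),
        "SAML SSO URL": sso.get("Location"),
        "SAML SSO URL Binding Type": sso.get("Binding", "").rsplit(":", 1)[-1],
        "SAML SLO URL": slo.get("Location") if slo is not None else None,
        "Name ID Format": idp.findtext("md:NameIDFormat", None, NS),
        "Sign Authentication Request": idp.get("WantAuthnRequestsSigned") in ("true", "1"),
        # Assumption: thumbprint is SHA-1 over the DER bytes (Windows convention).
        "IdP signing certificate thumbprint": hashlib.sha1(der).hexdigest().upper(),
    }
```

Compare the returned thumbprint with the value your identity provider administrator gives you through a separate channel before uploading the certificate.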

Certificates and Signing Options

If signing or encryption is required by your organization, you must enter the Signature Certificate Text and Encryption Certificate Text, respectively. FOIAXpress does not enforce which signing or encryption requirements you must choose. These depend entirely on your identity provider’s policies.

You may upload an Identity Provider Certificate and specify whether authentication requests, responses, and assertions must be signed or encrypted.

NOTE: Expiration dates display after you save changes. If a certificate cannot be read or has expired, you must upload a valid one before SSO can function. Admin users receive an automated email notification 30 days before certificate expiration.

Additionally, you can control the following behaviors:

  • Sign Authentication Request

  • Want SAML Response Signed

  • Want Assertion Signed

  • Want Assertion Encrypted

  • Force Authentication (prompts your identity provider to re-challenge at every login)

  • Sign Logout Request

  • Sign Logout Response

NOTE: Force authentication may increase login time because your identity provider will not reuse an existing session.

If you cannot log in after saving SAML settings, immediately contact your FOIAXpress support representative or your organization’s administrator. You may need to revert to a safe configuration.