You may want to set up single sign-on (SSO) using a custom-built SSO provider, or one not explicitly named in the Amplitude app. Amplitude is compatible with any SAML 2.0 compliant SSO provider, so as long as the one you want to use meets that description, you can do so.
Read the introductory article on single sign-on in Amplitude to get a basic understanding of the basic requirements.
Amplitude expects your identity provider to send a SAML response that contains the user's email address. At a minimum:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.email) to a non-empty value. Some identity providers emit an empty <AttributeStatement> element when you don't configure any attributes, which prevents Amplitude from processing the SAML response.If your identity provider supports it, set the assertion Subject to the user's email address rather than a username or numeric ID. Amplitude looks at the Subject first when resolving the user.
To set up SSO using a provider that isn't Auth0, AWS IAM Identity Center, G Suite, Microsoft Azure Active Directory, Okta, or OneLogin, click the gear icon in Amplitude and navigate to Organization Settings > Access & SSO Settings. Then, from the Identity Provider dropdown, select Other.
Find the Entity ID and Assertion Consumer Service (ACS) URL on the same Amplitude SSO settings page. Both values are specific to your organization and follow these patterns:
https://amplitude.com/saml/2/metadata/<your-org-id>https://amplitude.com/saml/2/acs/<your-org-id>Enter the Entity ID and ACS URL in the appropriate fields in your identity provider's app configuration. Some providers label the Entity ID field as Audience.
Next, download the IdP metadata file from your provider. In Amplitude, upload the metadata file, then click Save.
September 26th, 2024
Need help? Contact Support
Visit Amplitude.com
Have a look at the Amplitude Blog
Learn more at Amplitude Academy
© 2026 Amplitude, Inc. All rights reserved. Amplitude is a registered trademark of Amplitude, Inc.