SAML 2.0 Configuration Guide


⚠️ Read this before you enable SAML

Enabling SAML will affect all users who use this application, which means that existing users will not be able to sign in through their regular sign-in page. They will only be able to access the app through the Okta service. When we first enable SAML for your application, we will leave it in a “trialing” period until you give us the confirmation to enforce this login method permanently.

Backup URL

Fathom doesn't provide a backup sign-in URL where users can sign in using their regular credentials. You can contact Fathom Support ( to turn off SAML, if necessary.

Supported Features

The Okta/Fathom SAML integration currently supports the following features:

  • SP-initiated SSO

  • IdP-initiated SSO

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Contact your Fathom CSM directly, or the Fathom Support team ( and request that they enable SAML 2.0 for your Team Edition account.

  2. Provide a list of email domains that will be associated with this Okta instance (if applicable)

  3. Include the Metadata URL located on the Sign On tab > Sign on methods > SAML 2.0 -> Metadata details with your request.

  4. Ensure the “Application username format” is set to “Email”

  5. Your Fathom CSM will process your request and will provide you with login directions. After receiving this confirmation email, you can start assigning people to the application.


The following SAML attributes are supported:


  • first_nameuser.firstName

  • last_nameuser.lastName

  • timezoneuser.timezone

SP-initiated SSO

  1. Go to

  2. Enter your email, then click “Log In”