# MonoSign Configuration

FSProtect can be integrated with the MonoSign system to make the authentication process easier. The following configurations must be completed in order to integrate.

## SAML Connection Configuration:

In the MonoSign administrator dashboard, navigate to **Applications** and select **Add New → Create From Scratch**.

<figure><img src="/files/rxwCjMQXX9uPSEdtJOmm" alt="Create New Application Page"><figcaption><p>Create New Application Page</p></figcaption></figure>

After giving it a display name, click Create Application

<figure><img src="/files/JSGAzwZK9pEHVfmpz8tA" alt="New Application Initial Setup"><figcaption><p>New Application Initial Setup</p></figcaption></figure>

And then Acces Settings needs to be configured according to organisations needs.

<figure><img src="/files/RXh5S1AafBCaHywCvYkl" alt="Application Access Control Setup"><figcaption><p>Application Access Control Setup</p></figcaption></figure>

After creating the application, go to **Application Dashboard → Keys → Add New Key**.

<figure><img src="/files/Py6xZSKeQxbqnAZLjqdn" alt="Adding new SAML Key Page"><figcaption><p>Adding new SAML Key Page</p></figcaption></figure>

<figure><img src="/files/lmuWNdzOhuz34oZhUNA4" alt="SAML Key Configuration"><figcaption><p>SAML Key Configuration</p></figcaption></figure>

In the key creation screen, **SAML** should be selected and the **Create** option should be applied.

Download IdP Metadata with clicking Download IdP Metadata button.

<figure><img src="/files/ufQ1NEWrRXXUdU2eD192" alt="SAML Connection Page"><figcaption><p>SAML Connection Page</p></figcaption></figure>

Save this file and upload it to FSProtect. FSProtect will parse it to pull in MonoSign’s endpoints and certificates.

Press Configure Button and Fill with following information:

**ACS URL**: This value is copied from FSProtect after the SSO settings are saved. It must exactly match FSProtect’s ACS URL.

<figure><img src="/files/5faHAbTRxHV4W8jGgJ6N" alt="SAML Connection Configuration"><figcaption><p>SAML Connection Configuration</p></figcaption></figure>

### Role and Username Mapping Settings

In MonoSign’s **Attributes** tab, add the following two assertion attributes so FSProtect can read them:

**Username Attribute Key**

* **Attribute:** FSProtect Username Attribute Key
* **Value:** `{{UserName}}`
* Press plus icon to save&#x20;

<figure><img src="/files/Km9AuR2Iwbj1ybNKavta" alt="Username Attribute Configuration Page"><figcaption><p>Username Attribute Configuration Page</p></figcaption></figure>

**Role Attribute Key**

* **Enabled:** True
* **Attribute Name:** FSProtect Role Attribute Key
* **Format:** `{{Name}}`

<figure><img src="/files/DKKRiYxL2IdYQmxFvQQm" alt="Role Attribute Configuration Page"><figcaption><p>Role Attribute Configuration Page</p></figcaption></figure>

Once the MonoSign app configuration has been saved:

1. The IdP Metadata XML must be downloaded from the IdP.
2. In FSProtect’s **New Provider** screen, the XML must be uploaded via the **XML Upload Field**.
3. The configuration must be saved in FSProtect.
4. MonoSign users or groups must then be assigned to the app.

After these steps, FSProtect SSO Login will function with correct username and role mappings.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.forestall.io/fsprotect/settings/sso/monosign-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.