Over the past year, my colleagues and I at Covidence have been rolling out SSO support for our Rails application - using SAML in particular. This has prompted a great deal of learning, as well as finding some neat solutions to a few challenges - so I’ve written up a handful of posts to share both some general concepts, and some of our solutions.

• Terminology
• Building a service provider
• Parsing SAML federation data
• Testing with ephemeral (PR) apps
• Request and feature tests
• A local IdP for development environments

A lot of the content from these posts were first shared as a talk at the Melbourne Ruby Meet in October 2024 (and then again at Ruby Retreat NZ in May 2025). If taking in information via video is preferred, you can watch that here: