Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.

Creating a SAML app in Yandex Identity Hub for integration with the management console of Yandex Browser for organizations

Written by
Updated at May 19, 2026

Yandex Browser for organizations is an enterprise-grade browser based on the latest standard browser version and enhanced with dedicated business features and strict security controls. Centralized browser administration is available via the management console. The management console supports SAML authentication to provide secure SSO for your organization's users.

For the users of your organization to be able to authenticate to the management console of Yandex Browser for organizations via SAML SSO, create a SAML app in Yandex Identity Hub and configure it both in Yandex Identity Hub and Yandex Browser for organizations.

SAML apps can be managed by users with the organization-manager.samlApplications.admin role or higher.

To give the users of your organization access to the management console of Yandex Browser for organizations:

  1. Create an app.
  2. Set up the integration.
  3. Make sure the application works correctly.

Create an app

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select  Apps.
  3. In the top-right corner, click Create application and in the window that opens:
    1. Select the SAML (Security Assertion Markup Language) single sign-on method.
    2. In the Name field, specify a name for your new app: browser-cloud.
    3. Optionally, in the Description field, enter a description for the new app.
    4. Optionally, add labels:
      1. Click Add label.
      2. Add a label in key: value format.
      3. Press Enter.
    5. Click Create application.

Set up the integration

To configure the integration between Yandex Browser for organizations and the SAML app you created in Identity Hub, complete the setup both in Identity Hub and Yandex Browser for organizations.

Set up the SAML application in Yandex Identity Hub

Set up service provider endpoints

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and then, the SAML app.
  3. At the top right, click Edit and in the window that opens:
    1. In the **SP EntityID ** field, specify browser.yandex.ru.
    2. In the ACS URL field, enter an address formatted as https://<console_domain>/corp/api/sso/saml/callback, e.g., https://browser.yandex.ru/corp/api/sso/saml/callback.
    3. In the Signature mode field, select Response.
    4. Click Save.

Configure user attributes

Warning

For integration with the management console of Yandex Browser for organizations, you need to configure the firstName and lastName attributes.

Set user attributes for integration with Yandex Browser for organizations:

  1. Log in to Yandex Identity Hub.

  2. In the left-hand panel, select Apps and select the desired app.

  3. Navigate to the Attributes tab.

  4. Edit user attributes:

    1. Replace the givenname attribute with firstName.
    2. Replace the surname attribute with lastName.
    3. The fullname and emailaddress attributes are not required, so you can remove them.

For more information about configuring attributes, see Configure user and group attributes.

Collect data for setting up Yandex Browser for organizations

To set up SSO in Yandex Browser for organizations, you need the following data from your SAML app:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and then, the SAML app.
  3. In the Overview tab, under Identity provider (IdP) configuration, in the Login URL field, copy the entry point URL (Login URL).
  4. Under Service provider (SP) configuration, in the SP EntityID field, copy the unique service provider ID.
  5. Under Application certificate, click Download certificate and save the token signature certificate in X.509 format to your device.

You will need this data to set up SSO in Yandex Browser for organizations.

Set up SAML authentication in Yandex Browser for organizations

Note

To set up SAML authentication in Yandex Browser for organizations, the user needs the organization administrator permissions.

To set up SAML authentication in Yandex Browser for organizations:

  1. Log in to the Yandex Browser for organizations management console.
  2. Go to SSO settings.
  3. Specify the following:
    • Domain: Domain in Yandex Identity Hub.
    • SP Entity ID: Unique service provider ID obtained in the previous step.
    • Single sign-on service URL: Login URL obtained in the previous step.
    • Signing certificate: Provide the previously saved token signing certificate in X.509 format.
  4. Save the settings.
  5. Click Download certificate.
  6. Optionally, configure signature verification:
    1. Log in to Yandex Identity Hub.
    2. In the left-hand panel, select Apps and then, the SAML app.
    3. Click Edit.
    4. Enable Only accept signed requests and click Add certificate.
    5. In the window that opens, attach the certificate file you downloaded in the Yandex Browser management console.
    6. Click Add.
  7. In the Yandex Browser for organizations management console, enable SSO/SAML authentication.
  8. Wait until the domain is confirmed. To check the status, go to SSO settings.

Add users

For your organization's users to be able to authenticate in the Yandex Browser for organizations management console with Yandex Identity Hub's SAML app, you need to explicitly add these users and/or user groups to your SAML application. You also need to add the relevant users as administrators in the Yandex Browser for organizations management console.

Note

Users and groups added to a SAML application can be managed by a user with the organization-manager.samlApplications.userAdmin role or higher.

Add users to the application:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and select the required app.
  3. Navigate to the Users and groups tab.
  4. Click Add users.
  5. In the window that opens, select the required user or user group.
  6. Click Add.

Add administrators:

  1. Log in to the Yandex Browser for organizations management console.
  2. Go to the Administrators settings section.
  3. Click Add.
  4. Specify the email address of a user added to the app.
  5. Repeat the previous steps for all users who need access to the console.

Make sure your application works correctly

To make sure both your SAML app and Yandex Browser for organizations integration management console work correctly, authenticate as one of the administrators you added to the app. Follow these steps:

  1. In your browser, go to the Yandex Browser for organizations management console login page.
  2. If you were previously logged in, log out.
  3. On the authentication page, click Log in via SSO.
  4. On the Yandex Cloud authentication page, enter the email address and user password. The user or group they belong to must be added to the application. The user must also be a management console administrator.
  5. Make sure you have successfully authenticated in the Yandex Browser management console.
Previous
Yandex 360
Next
Managed Service for OpenSearch