Loved by IT teams

Proxi acts as a SAML service provider. Your institution’s identity provider stays in control of authentication and we receive only what’s needed to confirm eligibility.

Standard SAML 2.0

Integrates with any SAML 2.0 compliant identity provider — Entra ID, Okta, Shibboleth, and others. No proprietary protocol or custom SDK required.

Quick setup

Share your metadata URL and we handle the rest. We’ll send back our SP metadata to complete the configuration on your end. Most integrations are live within one business day.

Privacy by design

We collect only affiliation type and a pseudonymous pairwise identifier. No names, email addresses, or student IDs ever pass through Proxi.

Security and compliance your team can stand behind

Proxi is built to meet the data protection requirements that IT teams care about. Verification data is never stored beyond 7 days, no personally identifiable information is collected through single sign-on, and our infrastructure is independently audited.

View Security Details
SOC 2 Type I
Certified
GDPR
Compliant
CCPA
Compliant
FERPA
Compliant

Security documentation and data processing addendum available on request

Technical questions, straight answers

What your IT team will want to know before starting the integration.

What does Proxi need from our identity provider?

We need the following to configure the SAML integration on our end:

  • Metadata URL — this typically contains everything else listed below, and is the simplest path
  • Single Sign-On (SSO) URL
  • Single Logout (SLO) URL
  • Public signing certificate

Once you provide these, we will send back our service provider metadata for you to register in your IdP.

Which SAML attributes are required?

We require two attributes:

Affiliation — to determine whether the user is a student, faculty, staff, or alumni:

  • eduPersonScopedAffiliation (preferred)
  • eduPersonAffiliation (accepted)

Identifier — a stable, pseudonymous identifier unique to this service provider relationship:

  • pairwise-id (preferred)
  • eduPersonTargetedID (accepted)

If your IdP does not expose these attribute names directly, we can customise the fields we extract values from. Contact us with what attributes your IdP does provide and we will work from there.

Do you support Microsoft Entra ID (formerly Azure AD)?

Yes. Configure Proxi as an enterprise application in your Entra admin centre using the standard relying party STS setup. Microsoft’s documentation for enabling SSO for an enterprise application covers the configuration steps. Share your metadata URL with us once the application is created and we will complete the setup on our end.

Do you support Okta?

Yes. Add Proxi as a SAML 2.0 application in your Okta admin console using the standard SAML application setup. Share your metadata URL with us once the application is created.

Do you support Shibboleth or other federation-based identity providers?

Yes. Share your metadata URL and any relevant federation configuration and our team will handle the configuration on our end. If your institution is part of a national research and education federation, let us know and we can discuss the appropriate integration path.

How long does the integration take?

Most integrations are completed within one business day of receiving your IdP metadata. The process is two steps: you share your metadata, we share ours, and both sides complete the registration in their respective systems. Our team will guide you through the process.

Does this integration affect our institution’s FERPA or GDPR obligations?

The integration is designed to avoid creating FERPA or GDPR obligations for your institution. Because Proxi uses pairwise pseudonymous identifiers rather than student IDs, names, or email addresses, no education records or personal data as defined under FERPA or GDPR are transferred to Proxi.

Does Proxi require ongoing access to our directory or user database?

No. Proxi only receives data at the moment a user initiates verification. There is no continuous sync, no directory integration, and no standing access to your institution’s user records. The connection is event-driven: a user authenticates through your IdP, Proxi receives the two required attributes, and the session ends.

Get your institution connected

Share your details and we’ll reach out to walk through the integration. Most institutions are live within one business day. Contact us directly by email here.