App connectors · App connectors
Notion — SAML SSO via Thoryn
Notion Enterprise SSO. Notion supports SAML only (no OIDC); the recipe uses Thoryn's SAML-bridge flow.
- notion
- saml
- productivity
Tested against:hub: 1.0.0notion: Enterprise 2026
What you get
Notion Enterprise users authenticate via Thoryn. Note: Notion supports SAML 2.0 only — no OIDC option. Use Thoryn's SAML-bridge federation member to convert OIDC ↔ SAML on the wire.
Setup
1. In Thoryn
Create a SAML SP entry:
hub saml-sp create \
--name "Notion" \
--acs-url "https://www.notion.so/sso/saml/acs/YOUR-WORKSPACE-ID" \
--entity-id "https://www.notion.so/sso/saml/YOUR-WORKSPACE-ID" \
--sign-assertions trueHub returns:
- IdP Metadata URL:
https://hub.thoryn.org/saml/metadata/<sp-id>.xml - IdP SSO URL:
https://hub.thoryn.org/saml/sso/<sp-id> - IdP Certificate (X.509)
2. In Notion
Workspace Settings → Identity & Provisioning → SAML SSO → Add Provider. Upload the IdP metadata XML or paste the URL + certificate.
| Field | Value |
|---|---|
| SSO URL | (from step 1) |
| Issuer / Entity ID | https://hub.thoryn.org |
| Certificate | (from step 1) |
3. Attribute mapping
| Notion attribute | SAML attribute |
|---|---|
email | |
| First name | firstName |
| Last name | lastName |
Caveats
- Enterprise only: Notion's SAML SSO is gated to the Enterprise plan.
- Workspace match: users must have Notion accounts in the target workspace before SSO works (or set "auto-create" in Notion's settings).