How to secure Monday.com
To configure Monday.com with XFA you need the Enterprise license that includes the SAML Single Sign On feature. You can find more information about the different licenses here.
Monday.com has a Custom SSO feature which uses SAMLv2. By placing XFA between Monday.com and your identity provider, every login attempt is checked for device security before access is granted.
When a user signs in to Monday.com, the following happens:
- Monday.com → XFA → your IdP: Monday.com redirects the user to XFA, which immediately redirects to your identity provider (e.g. Google Workspace) to authenticate. The Entity ID configured in your IdP is the one for Monday.com — it identifies what the user is authenticating for.
- Your IdP → XFA: After authentication, the identity provider sends the user back to the ACS URL, which points to XFA instead of directly to Monday.com.
- XFA verifies the device: XFA checks the security posture of the device against your policy.
- XFA → Monday.com: If the device passes, XFA forwards the authentication to Monday.com using the application's real ACS URL and access is granted.
This guide will describe all steps needed to set this up.
Note: This article assumes that you have an account set up with XFA for your organization and that you are an admin for that organization. If you do not have an account, you can create one at https://dashboard.xfa.tech/signup.
Configure Monday.com in your identity provider
Use our specific identity provider guides to learn how to set up an application with the provided settings.
Entity ID: https://<YOUR_MONDAY_DOMAIN>.monday.com/saml/saml_callback
ACS URL / Redirect URL: https://device-api.xfa.tech/saml2/consume
Signed Response: false
Note that the ACS URL / Redirect URL differs from the standard Monday.com configuration: it points to XFA instead of directly to Monday.com.
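To confirm that the identity provider settings above took effect, you can decode a SAMLResponse captured from your own browser during a test login and check where it is addressed. The following is an added example, not part of XFA's or Monday.com's own tooling; the function names, the `example` domain and the sample responses are constructed for illustration, and the check covers routing only, not signature validation.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
XFA_ACS = "https://device-api.xfa.tech/saml2/consume"  # ACS URL from this guide


def monday_entity_id(domain):
    """Entity ID from this guide for a given Monday.com subdomain."""
    return f"https://{domain}.monday.com/saml/saml_callback"


def check_idp_response(saml_response_b64, domain):
    """Return a list of routing problems found in a base64 SAMLResponse."""
    # Self-captured input only: ElementTree is not hardened against hostile XML.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    destination = root.get("Destination")
    if destination != XFA_ACS:
        problems.append(f"Destination is {destination!r}, expected the XFA ACS URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if monday_entity_id(domain) not in audiences:
        problems.append(f"Audience {audiences} lacks the Monday.com Entity ID")
    return problems


def build_sample(destination, audience):
    """Constructed, unsigned sample response (not captured from a real IdP)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    good = build_sample(XFA_ACS, monday_entity_id("example"))
    # Misconfiguration: the IdP still posts straight to Monday.com, so XFA is skipped.
    direct = build_sample(monday_entity_id("example"), monday_entity_id("example"))
    print("good:", check_idp_response(good, "example"))
    print("direct:", check_idp_response(direct, "example"))
```

If your identity provider encrypts assertions, the Audience element is not visible in the captured response and only the Destination check is meaningful.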
Creating an application in XFA
A guide on how to create an application in XFA can be found here.
Assertion Consumer Service URL: https://<YOUR_MONDAY_DOMAIN>.monday.com/saml/saml_callback
SSO URL: (provided by identity provider)
Entity ID: (provided by identity provider)
Certificate: (provided by identity provider)
Configure Monday.com with XFA
1. Log in to Monday.com
Navigate to your Monday.com domain and log in with your admin account.
2. Go to Profile > Administration > Security > Single Sign On (SSO)
Use the following settings to configure Monday.com with XFA.
SSO Provider: Custom SAML 2.0
SAML SSO Url: (from XFA application)
Identity Provider Issuer: (from XFA application)
Public certificate: (from XFA application)
Enable Monday certificate: false
3. Test the configuration
Click on Test SSO connection to test the configuration. You should be redirected to your identity provider to log in, after which your device security will be checked by XFA before coming back to Monday.com.
4. Configure the Login Restrictions Policy
Configure the Login Restrictions Policy to your liking. We recommend starting with "Using SSO authentication is optional" to test the configuration, and then changing it to "All users except guests must use SSO authentication" to enforce the use of SSO and make sure that only secure devices can access Monday.com.
5. Activate the configuration
Click on Activate SSO to activate the configuration. Your users will now be asked to verify their device security with XFA in addition to their identity before they can log in to Monday.com.