KB-2343 Transferring SAML after domain change

pauline.delacruz — Tue, 01 Jul 2025 16:10:45 GMT

Current Revision posted to Appian Knowledge Base by pauline.delacruz on 7/1/2025 4:10:45 PM

Purpose

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure aspects of SAML.

The required steps may vary with the Identify Provider (IDP) or custom configurations, and this KB article is intended to be a guide to assist with the common changes. For further assistance please consult your IDP provider, and reach out to Appian Support through a support case.

Table of Contents:

For Appian SAML configurations
SP Metadata
IDP
Saving Changes to SAML Configuration in Appian
User Start Pages
Recommended

For Appian SAML configurations

The hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

Identity Provider (IDP) Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

By Preference:

Review the Entity ID, and Service Provider Signing Certificate, and change as preferred. These will typically reference the Appian Hostname.
1. The Entity ID does not have to reflect the Hostname, as the Entity ID is a text value. It is important that this value aligns between SP and IDP.
2. The Signing Certificate may reflect the hostname in the Common Name.

Required:

Even if there are no manual changes to the SP Settings, you will still regenerate the SP Metadata to point to the new domain, this is because the location attributes for the SAML assertion reference the hostname.

Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.
Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

If you have made any changes to the SP configurations, these should be matched in the IDP.

If you have changed the Entity ID, signing certificate or otherwise, you will need to update this on the IDP side
After uploading the SP Metadata, and changing any IDP configurations, regenerate the IDP Metadata and download the XML file. If the Metadata is changed, upload the IDP Metadata to the Appian Admin Console.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

Test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to test with a user in the SAML group, to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, change the user start page configuration to reflect the new domain.

Recommended

Prior to changing the Domain, we recommend ensuring a system administrator user is outside the SAML group. If any issues occur the user can access the admin console and disable SAML to allow user access.

For further questions on SAML see our SAML FAQ.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: July 2025

Tags: SAML, integration, idp, Cloud

[DRAFT SP-9632] KB-XXXX Transferring SAML after domain change

pauline.delacruz — Tue, 01 Jul 2025 16:06:56 GMT

Revision 8 posted to Appian Knowledge Base by pauline.delacruz on 7/1/2025 4:06:56 PM

Purpose

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure aspects of SAML.

Table of Contents:

For Appian SAML configurations
SP Metadata
IDP
Saving Changes to SAML Configuration in Appian
User Start Pages
Recommended

For Appian SAML configurations

The hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

Identity Provider (IDP) Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

By Preference:

Review the Entity ID, and Service Provider Signing Certificate, and change as preferred. These will typically reference the Appian Hostname.
1. The Entity ID does not have to reflect the Hostname, as the Entity ID is a text value. It is important that this value aligns between SP and IDP.
2. The Signing Certificate may reflect the hostname in the Common Name.

Required:

Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.
Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

If you have made any changes to the SP configurations, these should be matched in the IDP.

If you have changed the Entity ID, signing certificate or otherwise, you will need to update this on the IDP side
After uploading the SP Metadata, and changing any IDP configurations, regenerate the IDP Metadata and download the XML file. If the Metadata is changed, upload the IDP Metadata to the Appian Admin Console.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

Test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to test with a user in the SAML group, to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: July 2025

Tags: SAML, integration, idp, Cloud

[DRAFT SP-9632] KB-XXXX Transferring SAML after domain change

pauline.delacruz — Tue, 01 Jul 2025 16:01:29 GMT

Revision 7 posted to Appian Knowledge Base by pauline.delacruz on 7/1/2025 4:01:29 PM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure aspects of SAML.

For Appian SAML configurations

The hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

Identity Provider (IDP) Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

By Preference:

Review the Entity ID, and Service Provider Signing Certificate, and change as preferred. These will typically reference the Appian Hostname.
1. The Entity ID does not have to reflect the Hostname, as the Entity ID is a text value. It is important that this value aligns between SP and IDP.
2. The Signing Certificate may reflect the hostname in the Common Name.

Required:

Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.
Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

If you have made any changes to the SP configurations, these should be matched in the IDP.

If you have changed the Entity ID, signing certificate or otherwise, you will need to update this on the IDP side
After uploading the SP Metadata, and changing any IDP configurations, regenerate the IDP Metadata and download the XML file. If the Metadata is changed, upload the IDP Metadata to the Appian Admin Console.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

Test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to test with a user in the SAML group, to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: July 2025

Tags: SAML, integration, idp, Cloud

[DRAFT SP-9632] KB-XXXX Transferring SAML after domain change

pauline.delacruz — Thu, 02 Jan 2025 17:35:23 GMT

Revision 6 posted to Appian Knowledge Base by pauline.delacruz on 1/2/2025 5:35:23 PM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure aspects of SAML.

The required steps may vary with the IDP or custom configurations, and this KB is intended to be a guide to assist with the common changes. For further assistance please consult your IDP provider, and reach out to Appian Support through a support case.

For Appian SAML configurations

The hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

IDP Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

By Preference:

Review the Entity ID, and Service Provider Signing Certificate, and change as preferred. These will typically reference the Appian Hostname.
1. The Entity ID does not have to reflect the Hostname, as the Entity ID is a text value. It is important that this value aligns between SP and IDP.
2. The Signing Certificate may reflect the hostname in the Common Name.

Required:

Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.
Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

If you have made any changes to the SP configurations, these should be matched in the IDP.

If you have changed the Entity ID, signing certificate or otherwise, you will need to update this on the IDP side
After uploading the SP Metadata, and changing any IDP configurations, regenerate the IDP Metadata and download the XML file. If the Metadata is changed, upload the IDP Metadata to the Appian Admin Console.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

Test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to test with a user in the SAML group, to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: January 2025

Tags: SAML, integration, idp, Cloud

[DRAFT SP-9632] Transferring SAML after domain change

pauline.delacruz — Fri, 12 Jul 2024 15:49:58 GMT

Revision 5 posted to Appian Knowledge Base by pauline.delacruz on 7/12/2024 3:49:58 PM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure aspects of SAML.

For Appian SAML configurations

The hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

IDP Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

By Preference:

Review the Entity ID, and Service Provider Signing Certificate, and change as preferred. These will typically reference the Appian Hostname.
1. The Entity ID does not have to reflect the Hostname, as the Entity ID is a text value. It is important that this value aligns between SP and IDP.
2. The Signing Certificate may reflect the hostname in the Common Name.

Required:

Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.
Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

If you have made any changes to the SP configurations, these should be matched in the IDP.

If you have changed the Entity ID, signing certificate or otherwise, you will need to update this on the IDP side
After uploading the SP Metadata, and changing any IDP configurations, regenerate the IDP Metadata and download the XML file. If the Metadata is changed, upload the IDP Metadata to the Appian Admin Console.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

Test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to test with a user in the SAML group, to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: July 2024

Tags: SAML, integration, idp, Cloud

[DRAFT SP-9632] Transferring SAML after domain change

camille.savagehansen — Wed, 19 Jun 2024 23:07:52 GMT

Revision 4 posted to Appian Knowledge Base by camille.savagehansen on 6/19/2024 11:07:52 PM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure aspects of SAML.

For Appian SAML configurations

The hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

IDP Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

By Preference:

review the Entity ID, and Service Provider Signing Certificate, and change as preferred. These will typically reference the Appian Hostname.
1. The Entity ID does not have to reflect the Hostname, as the Entity ID is a text value. It is important that this value aligns between SP and IDP.
2. The Signing Certificate may reflect the hostname in the Common Name.

Required:

Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.
Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

If you have made any changes to the SP configurations, these should be matched in the IDP.

If you have changed the Entity ID, signing certificate or otherwise, you will need to update this on the IDP side
After uploading the SP Metadata, and changing any IDP configurations, regenerate the IDP Metadata and download the XML file. If the Metadata is changed, upload the IDP Metadata to the Appian Admin Console.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended you test with a user in the SAML group, to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, Change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

[DRAFT SP-9632] Transferring SAML after domain change

camille.savagehansen — Wed, 29 May 2024 01:46:49 GMT

Revision 3 posted to Appian Knowledge Base by camille.savagehansen on 5/29/2024 1:46:49 AM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure SAML.

For Appian SAML configurations

the hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

IDP Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

review the Entity ID, and Service Provider Signing Certificate, and change as required. These will typically reference the Appian Hostname.
Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.

Please note, even if there are no manual changes to the SP Settings, you will still regenerate the SP Metadata to point to the new domain.

Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata.

Additionally, please see the following for more assistance regenerating the certificate.

IDP

To regenerate the IDP Metadata with the new custom domain:

If you have changed the Entity ID to reflect the new custom domain, you will need to update this on the IDP side
After uploading the SP Metadata, and changing the IDP Metadata settings, regenerate the IDP Metadata and download the XML file.
Review the XML metadata file to ensure the old Appian domain is replaced with the new domain, and upload this IDP metadata to Appian SAML configurations.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see the following for assistance with SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, Change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

SP-9632: Transferring SAML after domain change

camille.savagehansen — Wed, 29 May 2024 01:45:59 GMT

Revision 2 posted to Appian Knowledge Base by camille.savagehansen on 5/29/2024 1:45:59 AM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure SAML.

For Appian SAML configurations

the hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

IDP Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

review the Entity ID, and Service Provider Signing Certificate, and change as required. These will typically reference the Appian Hostname.
Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.

Please note, even if there are no manual changes to the SP Settings, you will still regenerate the SP Metadata to point to the new domain.

Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

Please see the following resource for more information on service provider metadata

Additionally, please see the following for more assistance regenerating the certificate

IDP

To regenerate the IDP Metadata with the new custom domain:

If you have changed the Entity ID to reflect the new custom domain, you will need to update this on the IDP side
After uploading the SP Metadata, and changing the IDP Metadata settings, regenerate the IDP Metadata and download the XML file.
Review the XML metadata file to ensure the old Appian domain is replaced with the new domain, and upload this IDP metadata to Appian SAML configurations.

If your IDP does not have a field to upload the service provider metadata file. Please see the following resource to assist with updating the configurations in the IDP.

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance, please see the following for assistance with SAML configuration in Appian.

User Start Pages

If you have a User Start Page configured, Change the user start page configuration to reflect the new domain.

Recommended

For further questions on SAML see our SAML FAQ.

SP-9632: Transferring SAML after domain change

camille.savagehansen — Wed, 29 May 2024 01:37:30 GMT

Revision 1 posted to Appian Knowledge Base by camille.savagehansen on 5/29/2024 1:37:30 AM

SAML is tied to the Service Provider Hostname, hence when changing to a custom domain there will be required changes to reconfigure SAML.

For Appian SAML configurations, the hostname is referenced in:

Service Provider (SP) Metadata

The hostname may also be referenced in:

IDP Metadata
Service Provider PEM file Signing Certificate
User Start Pages

SP Metadata

To regenerate the SP Metadata with the new customer domain:

review the Entity ID, and Service Provider Signing Certificate, and change as required. These will typically reference the Appian Hostname.
Once the SP settings are updated, regenerate the SP Metadata, this will download a XML file with the required connection information.

Please note, even if there are no manual changes to the SP Settings, you will still regenerate the SP Metadata to point to the new domain.

Review the XML metadata file to ensure the old domain is replaced with the new domain, and upload this SP metadata to you IDP.

For information on the service Provider metadata see: https://docs.appian.com/suite/help/24.1/SAML_for_Single_Sign-On.html#service-provider-metadata

For assistance regenerating the certificate see: https://community.appian.com/support/w/kb/330/kb-1108-how-to-create-a-self-signed-certificate-for-saml-authentication

IDP

To regenerate the IDP Metadata with the new custom domain:

If you have changed the Entity ID to reflect the new custom domain, you will need to update this on the IDP side
After uploading the SP Metadata, and changing the IDP Metadata settings, regenerate the IDP Metadata and download the XML file.
Review the XML metadata file to ensure the old Appian domain is replaced with the new domain, and upload this IDP metadata to Appian SAML configurations.

If your IDP does not have a field to upload the service provider metadata file. Please update the configurations in the IDP outline in the following resource:

https://community.appian.com/support/w/kb/370/kb-1153-saml-authentication-faq#My%20identity%20provider%20does%20not%20have%20a%20field%20to%20upload%20a%20service%20provider%20metadata%20file.%20How%20do%20I%20configure%20SAML?

External to Appian, please work with your IDP provider to determine where the IDP references the domain of the SP and change the value to reflect the new hostname.

Saving Changes to SAML Configuration in Appian

After changing the SAML configuration in Appian:

test the connection, using the “ Test This Configuration” button in the top right hand corner of the SAML Configurations page.
1. This is mandatory to save changes if you are signed in with a user in the SAML group, to ensure you do not accidentally log yourself out.
2. This is not mandatory if you are not in the SAML group, however it is highly recommended to ensure you do not save invalid configurations. You will be able to save invalid configurations if the user is not in the SAML group.
Choose “Done” and “Save Changes” in the lower right hand corner of the “SAML Authentication” page.

For further guidance on Saml configuration in Appian see: https://docs.appian.com/suite/help/24.1/SAML_for_Single_Sign-On.html#how-to-add-a-saml-identity-provider

User Start Pages

If you have a user start page configured, Change the user start page configuration to reflect the new domain. See more in: https://docs.appian.com/suite/help/24.1/Appian_Administration_Console.html#user-start-pages

Recommended

Prior to changing the Domain, we recommend ensuring a system administrator user is outside the SAML group. If any issues occur the user can access the admin console and disable Saml to allow user access. See more on this recommendation in the following resource: https://docs.appian.com/suite/help/23.1/SAML_for_Single_Sign-On.html#authentication-group

For further questions on SAML see our SAML FAQ: https://community.appian.com/support/w/kb/370/kb-1153-saml-authentication-faq