diff --git a/Gemfile b/Gemfile
index 99433f7bb..dfdd5557d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -72,6 +72,7 @@ gem 'devise', '>= 4.9'
 gem 'omniauth', '~> 2.1'
 gem 'omniauth-oauth2'
 gem 'omniauth_openid_connect'
+gem 'omniauth-saml'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'rolify'
@@ -153,4 +154,4 @@ gem 'sentry-ruby'
 gem "reverse_markdown"
 gem "ancestry"
-gem 'silencer', require: false
\ No newline at end of file
+gem 'silencer', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index b798e07fe..0495981c7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -292,6 +292,9 @@ GEM
 omniauth-rails_csrf_protection (1.0.1)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
+ omniauth-saml (2.1.0)
+ omniauth (~> 2.0)
+ ruby-saml (~> 1.12)
 omniauth_openid_connect (0.6.1)
 omniauth (>= 1.9, < 3)
 openid_connect (~> 1.1)
@@ -422,6 +425,9 @@ GEM
 rubocop (>= 1.7.0, < 2.0)
 ruby-progressbar (1.10.1)
 ruby-rc4 (0.1.5)
+ ruby-saml (1.16.0)
+ nokogiri (>= 1.13.10)
+ rexml
 ruby-vips (2.1.4)
 ffi (~> 1.12)
 rubyXL (3.4.25)
@@ -579,6 +585,7 @@ DEPENDENCIES
 omniauth (~> 2.1)
 omniauth-oauth2
 omniauth-rails_csrf_protection (~> 1.0)
+ omniauth-saml
 omniauth_openid_connect
 openlab_ruby
 overcommit
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 466bd5b09..dd869f114 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -7,6 +7,7 @@ class SessionsController < Devise::SessionsController
 if active_provider.providable_type == 'DatabaseProvider'
 super
 else
+ p active_provider
 redirect_post "/users/auth/#{active_provider.strategy_name}"
 end
 end
diff --git a/lib/omni_auth/strategies/sso_saml_provider.rb b/lib/omni_auth/strategies/sso_saml_provider.rb
new file mode 100644
index 000000000..b8405a426
--- /dev/null
+++ b/lib/omni_auth/strategies/sso_saml_provider.rb
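Review bot: The new `gem 'omniauth-saml'` line carries no version constraint, while the neighbouring `omniauth` and `omniauth-rails_csrf_protection` entries pin a pessimistic range. The signature and assertion validation for SAML logins lives in ruby-saml, which this gem pulls in, so an unconstrained `bundle update` could swap in a different major version of security-relevant code without anyone reviewing it. Suggest `gem 'omniauth-saml', '~> 2.1'`, matching the 2.1.0 resolved in Gemfile.lock.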
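Review bot: `p active_provider` in the `else` branch is a debugging print left in controller code; it writes the inspected AuthProvider record to stdout on every non-database login attempt, which ends up in the server logs. Remove the line, or if the value is genuinely needed for diagnostics use the level-gated form `Rails.logger.debug { active_provider.inspect }` so it is not emitted in production. The enclosing method begins outside the hunk.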
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'omniauth-saml'
+
+# Authentication strategy provided trough SAML
+class OmniAuth::Strategies::SsoSamlProvider < OmniAuth::Strategies::SAML
+ include OmniAuth::DataMapping::Mapper
+end
diff --git a/lib/tasks/fablab/auth.rake b/lib/tasks/fablab/auth.rake
index adb20cc99..8b42dc43d 100644
--- a/lib/tasks/fablab/auth.rake
+++ b/lib/tasks/fablab/auth.rake
@@ -5,21 +5,6 @@ namespace :fablab do
 namespace :auth do
 desc 'switch the active authentication provider'
 task :switch_provider, [:provider] => :environment do |_task, args|
- providers = AuthProvider.all.inject('') { |str, item| "#{str}#{item[:name]}, " }
- unless args.provider
- puts "\e[0;31mERROR\e[0m: You must pass a provider name to activate. Available providers are: #{providers[0..-3]}"
- next
- end
-
- if AuthProvider.find_by(name: args.provider).nil?
- puts "\e[0;31mERROR\e[0m: the provider '#{args.provider}' does not exists. Available providers are: #{providers[0..-3]}"
- next
- end
-
- if AuthProvider.active.name == args.provider
- puts "\e[0;31mERROR\e[0m: the provider '#{args.provider}' is already enabled"
- next
- end
 # disable previous provider
 prev_prev = AuthProvider.previous
@@ -28,7 +13,7 @@ namespace :fablab do
 AuthProvider.active.update(status: 'previous') unless AuthProvider.active.name == 'DatabaseProvider::SimpleAuthProvider'
 # enable given provider
- AuthProvider.find_by(name: args.provider).update(status: 'active')
+ AuthProvider.find_by(name: 'FabManager').update(status: 'active')
 # migrate the current users.
 if AuthProvider.active.providable_type == DatabaseProvider.name
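Review bot: The class comment on the new strategy has a typo (`trough` → `through`) and does not say what the subclass adds over the stock SAML strategy, which is the one thing a reader of this file needs. Suggest `# Authentication strategy provided through SAML: OmniAuth's SAML strategy with OmniAuth::DataMapping::Mapper mixed in for attribute mapping.` The SAML settings themselves (IdP endpoints, certificate) are not defined here, so a one-line pointer to wherever they are configured would also help the next maintainer; I cannot see that location from this diff.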
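Review bot: The first auth.rake hunk deletes the three guard clauses (missing argument, unknown provider, provider already active) and the second hunk replaces `args.provider` with the literal `'FabManager'`, while the task still declares a `[:provider]` argument that is now silently ignored; this reads like a local debugging edit committed by accident. Without the guard, `AuthProvider.find_by(name: 'FabManager')` returns nil when no provider of that name exists and the chained `.update` raises NoMethodError — after `AuthProvider.active.update(status: 'previous')` has already demoted the current provider, which leaves the switch half applied. Keep `AuthProvider.find_by(name: args.provider).update(status: 'active')` together with the removed validation block. The `task` block continues past the end of the second hunk.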