ADD ON: SSO - SAML Integration

Introduction

SAML (Security Assertion Markup Language) is an open standard for authentication. It lets an organization use one set of credentials across multiple systems by exchanging authentication information between identity providers (IdPs) and service providers (SPs).

Another common standard is OpenID Connect (OIDC).

Roles

  • Service Provider: A service provider is an application that supports SAML assertions. Sessionboard is the service provider.

  • Identity Provider: The identity provider is the original system that controls user creation/authentication. It must support SAML. Some examples are:

    • Auth0

    • Okta

    • OneLogin

The expectation is that customers can configure SAML-compliant SSO IdPs to manage the creation of Sessionboard users and ensure the same credentials can be used to access both systems.

Setup Requirements

Sessionboard requirements:

Sessionboard will provide the following information to the customer:

  • Assertion Consumer Service URL: This is the URL that receives a POST call from the identity provider carrying the SAML assertion. This endpoint uses the customer-provided x509 certificate to verify the assertion's signature.

  • Audience URL: This is an identifier of the SP.

Customer requirements:

The customer must provide the following information to Sessionboard to enable SAML 2.0 SSO:

  1. A SAML application created in the vendor identity provider.

  2. x509 certificate for the SAML assertion (used to verify its signature).

  3. Issuer (uniquely identifies the identity provider's application).

  4. Domain (which domain is intended to support SSO).

View 'Okta Setup' below for further instructions on how to receive the requested information above.

By default, Sessionboard expects the following attributes to be returned as part of the user profile:

  • id: default ID from the SAML remote user directory.

  • firstName: user first name, used to reference the user and the associated contact in our system.

  • lastName: user last name, used to reference the user and the associated contact in our system.

  • email: user email that is used to log into Sessionboard and for authentication communications (password reset, new user invitation, etc.).

  • nameID: also the user's email address.
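As an added example (not Sessionboard's code), here is the set of checks a service provider makes on an incoming assertion before trusting it: the Issuer the customer supplied, the Audience URL, the EmailAddress NameID format and the attribute names listed above. The issuer, audience and user values are constructed sample data, and signature verification against the customer's x509 certificate is assumed to have already passed.

```python
# Added example (not Sessionboard's code): the checks a SAML SP makes on an assertion
# before trusting it, plus extraction of the attributes this page requires. Signature
# verification against the customer's x509 certificate (XML-DSig) is assumed done already.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("id", "firstName", "lastName", "email")  # the attribute names from this page

def sample_response(issuer, audience, name_id, attrs, fmt=EMAIL_FMT):  # constructed, unsigned sample
    attr_xml = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                       '</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>'
            f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
            '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>')

def _ts(v):  # SAML timestamps are ISO 8601 in UTC; a missing one raises ValueError
    return datetime.fromisoformat((v or "").replace("Z", "+00:00"))

def validate_assertion(xml_text, expected_issuer, expected_audience, now=None):
    """Return the user profile dict when every check passes; raise ValueError otherwise."""
    now = now or datetime.now(timezone.utc)
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if a is None:
        raise ValueError("response carries no Assertion")
    if a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:  # Issuer the customer supplied
        raise ValueError("unexpected Issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    if expected_audience not in [e.text for e in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("Audience does not match this SP")  # must equal the Audience URL
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        raise ValueError("NameID format must be EmailAddress")
    attrs = {att.get("Name"): att.findtext("saml:AttributeValue", namespaces=NS)
             for att in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    missing = [k for k in REQUIRED_ATTRS if not attrs.get(k)]
    if missing:  # without these a new user cannot be created
        raise ValueError("missing attributes: " + ", ".join(missing))
    if attrs["email"] != name_id.text:
        raise ValueError("email attribute and NameID disagree")
    return {k: attrs[k] for k in REQUIRED_ATTRS}
```

A production SP would run this after XML signature verification and with a hardened XML parser; the stdlib parser is used here only to keep the example self-contained.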

Okta Setup

  1. Create an application: Using the left menu, go into Applications > Applications.

  2. Click on Create App Integration

  3. Choose SAML 2.0 and click Next.

  4. Fill out step 1 and click Next.

  5. Fill in the fields in step 2 using the information received from Sessionboard:

    1. Fill in the Single sign-on URL with the Sessionboard-provided URL (the assertion endpoint).

    2. Fill in the Audience URL with the Sessionboard-provided URL (the web URL).

    3. The NameID format must be EmailAddress.

  6. Scroll down to Attribute Statements (optional).

    Important! This information is used to create a new user if it does not exist.

    Add the following:

    • firstName = user.firstName

    • lastName = user.lastName

    • email = user.email

    • id = user.id

    After that click Next and Save.

    The application has been created and it can now be configured in Sessionboard.

  7. On the right side of your screen, click on the View SAML setup instructions button.

    Open these to access the information you will need to provide to Sessionboard.

    Once this is configured and saved, the identity provider will be ready to create and manage users in Sessionboard.
