ADD ON: SSO (Single Sign-On)

Contact support@sessionboard.com to receive pricing for this add-on.

 

What is SSO (Single Sign-On)

 

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with a single set of login credentials. Instead of having to remember and enter different usernames and passwords for each application, users log in once to a central authentication service and then gain access to all linked systems without needing to log in again.

 

Examples of SSO providers include: Okta, Auth0, and Microsoft Azure Active Directory (Azure AD).

 

Benefits of SSO
  1. Unified Access: Users can access multiple applications or services after logging in just once.

  2. Improved Security: By reducing the number of passwords users need to remember and manage, SSO can lower the risk of weak or reused passwords. Centralized authentication also makes it easier to enforce strong security policies.

  3. User Convenience: Simplifies the login process for users, leading to a smoother and more efficient experience.

  4. Centralized Management: IT administrators can manage user access and permissions from a single point, streamlining administrative tasks and improving oversight.

  5. Integration: SSO systems often integrate with various identity providers and applications, facilitating access across diverse platforms and services.

Additional Information
  • Sessionboard supports the following SSO configurations: SAML (Security Assertion Markup Language) & OIDC (OpenID Connect).

  • Sessionboard can set up a different SAML / OIDC configuration for the Session Submission Form, Portals, and Admin login.

  • Sessionboard does not support two-factor authentication (2FA) at this time.

 

SSO Setup Requirements

Sessionboard requirements:

Sessionboard will provide the following information to the customer:

  • Assertion Consumer Service URL: This is the URL that receives a POST call from the identity provider with the SAML assertion. This endpoint will use the certificate to check the assertion.

  • Audience URL: This is an identifier of the service provider (SP).

Customer requirements:

The customer must provide the following information to Sessionboard to enable SAML 2.0 SSO:

  1. A SAML application created in the vendor identity provider.

  2. The x509 certificate for the SAML assertion.

  3. Issuer (used to uniquely identify the provider’s application).

  4. Domain (which domain is intended to support SSO).

  5. A test user so we may confirm the login flow.

View 'Okta Setup' below for further instructions on how to obtain the information requested above.

By default, Sessionboard expects the following attributes to be returned as part of the user profile:

  • id: default ID from the SAML remote user directory.

  • firstName: user first name, used to reference the user and associated contact in our system

  • lastName: user last name, used to reference the user and associated contact in our system

  • email: user email that is used to log into Sessionboard and for authentication communications (password reset, new user invitation, etc.)

  • nameID: also user email

Okta Setup

The instructions below are for Okta (a common IdP) but can be adapted to other providers.

  1. Create an application: Using the left menu, go into Applications > Applications.

  2. Click on Create App Integration

  3. Choose SAML 2.0 and click Next.

  4. Fill out step 1 and click Next.

  5. Fill in the fields in step 2 using the information received from Sessionboard:

    1. Fill Single sign-on URL using the Sessionboard provided URL (the assertion endpoint).

    2. Fill in the Audience URL which is the Sessionboard provided URL (the web URL).

    3. NameID format has to be EmailAddress.

  6. Scroll down to Attribute Statements (Optional)

    Important! This information is used to create a new user if it does not exist.

    Add the following:

    • firstName = user.firstName

    • lastName = user.lastName

    • email = user.email

    • id = user.id

    After that click Next and Save.

    The application has been created and it can now be configured in Sessionboard.

  7. On the right side of your screen, click on the View SAML setup instructions button.


    Open these to access the information you will need to provide to Sessionboard.



    Once this is configured and saved, the identity provider will be ready to create and manage users in Sessionboard.
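
Before handing the test user over, the assertion your identity provider issues can be checked against the profile described in "Customer requirements" and in steps 5 and 6 of "Okta Setup". The script below is an added example, not Sessionboard or Okta code; the sample assertion, the issuer and audience values, and the function name check_profile are constructed placeholders. It checks configuration only and does not verify the signature, which the service provider does with the x509 certificate.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("id", "firstName", "lastName", "email")

# Constructed, unsigned sample assertion; every value is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>http://idp.example.test/app-placeholder</saml:Issuer>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test.user@example.test</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test/audience</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="id"><saml:AttributeValue>00u-placeholder</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>test.user@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_profile(assertion_xml, issuer, audience):
    """Return a list of configuration problems; an empty list means the profile matches."""
    # Input is the <saml:Assertion> element from your own test login.
    # Use a hardened parser (e.g. defusedxml) for XML you do not control.
    root = ET.fromstring(assertion_xml)
    problems = []
    if root.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("issuer mismatch")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append("audience mismatch")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    attrs = {a.get("Name"): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
             for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"missing attribute: {name}")
    # The page states that nameID is also the user email.
    subject = (name_id.text or "").strip().lower() if name_id is not None else ""
    if attrs.get("email") and subject != attrs["email"].lower():
        problems.append("nameID differs from email")
    return problems

if __name__ == "__main__":
    print(check_profile(SAMPLE, "http://idp.example.test/app-placeholder",
                        "https://sp.example.test/audience") or "profile OK")
```

An attribute statement named differently from the four listed above (for example a renamed lastName) shows up as a "missing attribute" entry.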