Follow

Single Sign-on (SSO)

SSO is an enterprise-ready activation mechanism, allowing one-tap login. Users simply log in to the app with your corporate identity provider and have instant access to all of their events. Supported providers are G Suite (Google Apps for Work), Office 365, Okta and many more via SAML2 or OAuth2 protocols.

Screen_Shot_2018-01-25_at_14.40.45.png

 Supported Protocols

Open protocols Proprietary protocols
SAML 2.0 G Suite (Google Apps for Work)
OAuth 2.0 Yammer
  Salesforce
  LinkedIn
  Facebook

 

Test Credentials

  • We need test credentials, regardless of the SSO used.

  • This means that you may need to create a user for SpotMe in your system.

  • Having test credentials is crucial to verify if the integration works as expected and to troubleshoot any potential bug.

  • Without test credential we cannot complete the integration.

SAML2

draft-saml-logo-03.png

  1. Configuration supported by the SpotMe Framework

    • SP Initiated

    • Authentication requests (AuthN) must be signed

    • Encryption is not supported

    • Default NameId is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    • Logout not supported

  2. What the client needs from SpotMe

    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/saml

    • Entity ID: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/saml

    • Federated metadata xml file

      • https://appservice.4pax.com/api/v1/appservice/sso/branding/[BRANDING_ID]/auth/saml/saml-sp-metadata

  3. What SpotMe needs from the client 

    • IdP entry point (URL) for sign on

    • IdP's public PEM-encoded X.509 certificate, to verify authentication requests signature

    • Test credentials

OAUTH2

oauth2_logo.png

  1. What the client needs from SpotMe
    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/oauth2
  2. What SpotMe needs from the client
    • ClientId: public identifier for apps
    • ClientSecret: must be kept confidential
    • Test credentials

GOOGLE

Googlelogo.png

  1. What the client needs from SpotMe
    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/google
  2. What SpotMe needs from the client
    • ClientId: public identifier for apps
    • ClientSecret: must be kept confidential
    • Test credentials
  3. How to configure (Client side)
    • https://console.developers.google.com
    • Create credential
    • Authorize redirect urls
      • https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/google

SALESFORCE

Salesforce_logo.png

  1. What the client needs from SpotMe
    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/forcedotcom
  2. What SpotMe needs from the client
    • ClientId: public identifier for apps
    • ClientSecret: must be kept confidential
    • Test credentials
  3. How to configure (Client side)

YAMMER

Yammer_logo.png

  1. What the client needs from SpotMe
    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/yammer
  2. What SpotMe needs from the client
    • ClientId: public identifier for apps
    • ClientSecret: must be kept confidential
    • Test credentials
  3. How to configure (Client side)

    • Register New App
    • Authorize redirect URI
      • https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/yammer

LINKEDIN 

800px-LinkedIn_Logo.png

  1. What the client needs from SpotMe
    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/linkedin
  2. What SpotMe needs from the client
    • ClientId: public identifier for apps
    • ClientSecret: must be kept confidential
    • Test credentials
  3. How to configure (Client side)
    • Register New App
    • Authorize redirect URI
      • https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/linkedin

FACEBOOK

1000px-Facebook.png

  1. What the client needs from the client
    • Callback URL: https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/facebook
  2. What SpotMe needs from the client
    • ClientId: public identifier for apps
    • ClientSecret: must be kept confidential
    • Test credentials
  3. How to configure (Client side)
    • Create an App
    • Authorize redirect URI
      • https://appservice.4pax.com/api/v1/appservice/sso/callback/[BRANDING_ID]/facebook

* SP: Service Provider (SpotMe)

* IdP: Identity Provider (Client)

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.