SSO is an enterprise-ready activation mechanism, allowing one-tap login.
Users simply log in to the app with your corporate identity provider (IdP) and have instant access to all of their workspaces.
Supported providers are G Suite, Azure Active Directory, Okta and many more via the SAML 2, OAuth 2.0 or OpenID Connect protocols.
Supported protocols
Open protocols | Supported vendors |
SAML 2 | Azure Active Directory |
OAuth 2.0 | Google Identity Platform |
OpenID Connect | Okta, Auth0 |
Notes
- SpotMe uses email as the unique identifier for users.
- Generally, users are expected to be already present in the workspaces they can attend, but they can also be provisioned just-in-time during the initial authentication.
- BRANDING_ID mentioned below refers to the identifier of your app. It is the same ID you use to share the app with users via the https://install.event/[BRANDING ID] link. Reach out to our support if you're not sure what your BRANDING_ID is.
- The configuration for your system, based on the protocol used (see below), will be provided by your account manager.
Note: The requirements and capabilities mentioned below apply to nominal cases. Should your needs require a different configuration, please contact SpotMe support.
SAML 2
SpotMe client capabilities
- SP Initiated.
- Authentication requests (AuthN) must be signed.
- Encryption is supported.
- Logout is not supported.
- Default NameId is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Requirements
- IdP's federated XML metadata file.
- IdP URL for sign on and IdP's public PEM-encoded X.509 certificate (if metadata file is not available).
- Test credentials.
OAuth 2.0
Requirements
- Client ID.
- Client secret.
- Test credentials.
If you wish to know more about OAuth2.0 SSO, please contact your SpotMe account manager.
OpenID Connect
SpotMe client capabilities
- Both code (recommended) and implicit flows are supported.
- Logout is not supported.
Requirements
- Discovery URL. If not available:
  - Issuer URL
  - Authorization endpoint
  - Token endpoint
  - User info endpoint
  - JWKS endpoint
  - Revocation endpoint
- Client ID.
- Client secret.
- Test credentials.
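As an added example (not SpotMe's code), here is a pre-flight check an IdP administrator could run on their discovery document before handing over the discovery URL: it confirms that the endpoints listed above are present and served over HTTPS, that the issuer matches the discovery URL, and that the code flow and email scope are advertised. The HTTPS and issuer checks follow the OpenID Connect Discovery specification rather than this page, and `idp.example.com` is a constructed placeholder host.

```python
import json
from urllib.parse import urlsplit

# Values this page asks for when no discovery URL exists (standard metadata names).
REQUIRED = ["issuer", "authorization_endpoint", "token_endpoint",
            "userinfo_endpoint", "jwks_uri", "revocation_endpoint"]
SUFFIX = "/.well-known/openid-configuration"

def check_discovery(discovery_url, document):
    """Return a list of problems found in an OIDC discovery document."""
    meta = json.loads(document)
    problems = []
    for key in REQUIRED:
        value = meta.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    # OIDC Discovery: issuer must equal the discovery URL minus the suffix.
    expected = discovery_url[:-len(SUFFIX)] if discovery_url.endswith(SUFFIX) else discovery_url
    if isinstance(meta.get("issuer"), str) and meta["issuer"] != expected:
        problems.append("issuer does not match discovery URL")
    # The page recommends the code flow.
    if "code" not in meta.get("response_types_supported", []):
        problems.append("code flow not advertised")
    # The page uses email as the unique user identifier.
    if "email" not in meta.get("scopes_supported", []):
        problems.append("email scope not advertised")
    return problems

# Constructed sample input (idp.example.com is a placeholder host).
BASE = "https://idp.example.com"
SAMPLE_URL = BASE + SUFFIX
SAMPLE_GOOD = json.dumps({
    "issuer": BASE, "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token", "userinfo_endpoint": BASE + "/userinfo",
    "jwks_uri": BASE + "/jwks", "revocation_endpoint": BASE + "/revoke",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "email", "profile"]})
SAMPLE_BAD = json.dumps({
    "issuer": "https://login.example.com",
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": "http://idp.example.com/token",
    "userinfo_endpoint": BASE + "/userinfo", "jwks_uri": BASE + "/jwks",
    "response_types_supported": ["id_token"],
    "scopes_supported": ["openid", "email"]})
if __name__ == "__main__":
    for name, doc in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_discovery(SAMPLE_URL, doc))
```

An empty list means the document carries everything the requirements list asks for; `scopes_supported` is optional in discovery metadata, so a missing email scope is a prompt to confirm with the IdP rather than a hard failure.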