1. Help Center
  2. Advanced Integrations

Setting up SAML-SSO with your identity provider

Our process for implementing SSO

SSO provides convenient and secure access to our platform via your chosen identity provider.

Benefits

All accounts can use our regular credentialed access, but by configuration SSO and using your identity provider:

  • You can have a single-click login from either our login page (Service Provider initiated access, SP) or from your app launcher (Identity Provider-Initiated access, idP)

  • You can ensure that removing a user's access in your identity system will prevent them from accessing the ScopeStack platform.

You can start using ScopeStack with credentialed access and switch to SSO at any time. ScopeStack can match existing user emails against the addresses provided by your identity provider.

Process

We follow the following process to complete SAML-based SSO configuration:

  1. The client provides some key information to our Support team. (outlined below)

  2. Our dev team configures the information in our platform. After this is complete, we provide you back the metadata you need to complete the configuration on your end. If you need a metadata file, you can save the metadata link we provide back to you as an XML file.

  3. We configure SSO for a single test user. First, that user tests logging in at scopestack.io and is authenticated through the company SSO provider. Then, that user tests logging in from the company application dashboard (IdP initiated)

  4. We enable SSO for your account. A user with no record in ScopeStack logs in from the company application dashboard (IdP initiated).

Once we've completed these steps, you are good to go!

Needed Information

If you've purchased an SSO Integration, to start the configuration process, we need some information from your identity provider. You can provide the following information to our support team by emailing support@scopestack.io

  • idp certificate (raw and/or plain text): This is typically in the form of a block of text

  • idp fingerprint (SHA1): This value is called Thumbprint in Azure AD, and is a string of letters and numbers that is typically generated to accompany the certificate

  • idp SSO target URL (SSO -> sign on): This is a URL

  • idp SLO target URL (SLO -> log out): This is a URL

  • A complete metadata file is also helpful: This is typically in the form of an XML file

Help Information

For help finding these items, review these Help Documents from various common identity providers:

Azure AD

  • Quickstart: Enable single sign-on for an enterprise application in Azure Active Directory (link here). 

  • Advanced certificate signing options in a SAML token in Azure Active Directory (link here).

  • Manage certificates for federated single sign-on in Azure Active Directory (link here).

Salesforce

  • Enable Salesforce as a SAML Identity Provider (link here).

OKTA

  • Add SAML pass-through application to OKTA (link here).