If you or your organization uses a SAML 2.0 compliant identity provider to manage your users and roles, you can use your existing identity provider to grant access to your Skeddly account.
Using your existing identity provider, the workflow your users would experience is the following:
- The user browses to your organizations identity portal and signs-in using his credentials for that portal.
- The portal identifies and verifies the user.
- The user triggers a sign-in to Skeddly. This initiates a SAML authentication response which navigates the user to Skeddly.
- Skeddly verifies the SAML authentication response, and after verification, signs the user into the Skeddly account.
From the user's perspective, this process happens transparently. The user starts in your identity provider's portal, and ends in the Skeddly account without having to enter any Skeddly credentials.
Popular Identity Providers
- Active Directory Federation Service
- Google Apps
- AWS SSO
Generic Identity Provider Configuration
Depending on your Identity Provider, these steps may need to be reordered.
Step 1: Obtain your Identity Provider's SAML Metadata Document
In order to proceed to step 2, you will need to obtain a SAML metadata document from your IdP.
This document is an XML file that includes the following:
- Your Identity Provider's issuer name
- Certificate public keys
Step 2: Create an Identity Provider in Skeddly
Please follow these instructions to create your Skeddly Identity Provider.
Step 3: Add Skeddly to your Identity Provider
Add Skeddly as an application to your Identity Provider, as per your Identity Provider's instructions. If possible, import the Skeddly service provider metadata document from the following URL:
SAML Assertion Response Requirements
Signed: All SAML assertion responses must be signed using your IdP's signing key.
Audience: The audience must be set to "https://app.skeddly.com/".
NameId: The name ID must be present.
Assertion Consumption Endpoint: https://app.skeddly.com/sso/saml/ (POST only)
This attribute must be a comma-separate list of the following:
- One and only one SRN of your Skeddly identity provider. This can be copied from your identity provider's "view" page in your Skeddly account.
- One or more SRNs of Managed Policies to be applied to the user when they are signed-in. These SRNs can be found in the Managed Policies pages in your Skeddly account.
For example, the value for this attribute could be:
Use this attribute to override the name displayed in Skeddly after the user is signed-in. By default, the NameId value is used. But if you want a more friendly name shown, use this attribute to override it.