Configuring Single Sign-On Using SAML
Written by Matt Houser
Updated over a week ago

If you or your organization uses a SAML 2.0 compliant identity provider to manage your users and roles, you can use your existing identity provider to grant access to your Skeddly account.

Using your existing identity provider, the workflow your users would experience is the following:

  1. The user browses to your organization's identity portal and signs in using their credentials for that portal.

  2. The portal identifies and verifies the user.

  3. The user triggers a sign-in to Skeddly. This initiates a SAML authentication response which navigates the user to Skeddly.

  4. Skeddly verifies the SAML authentication response, and after verification, signs the user into the Skeddly account.

From the user's perspective, this process happens transparently. The user starts in your identity provider's portal, and ends in the Skeddly account without having to enter any Skeddly credentials.

Popular Identity Providers

  • Active Directory Federation Service

  • OneLogin

  • Okta

  • Google Apps

  • AWS SSO

Generic Identity Provider Configuration

Depending on your Identity Provider, these steps may need to be reordered.

Step 1: Obtain your Identity Provider's SAML Metadata Document

In order to proceed to step 2, you will need to obtain a SAML metadata document from your IdP.

This document is an XML file that includes the following:

  • Your Identity Provider's issuer name

  • Certificate public keys

Step 2: Create an Identity Provider in Skeddly

Please follow these instructions to create your Skeddly Identity Provider.

Step 3: Add Skeddly to your Identity Provider

Add Skeddly as an application to your Identity Provider, as per your Identity Provider's instructions. If possible, import the Skeddly service provider metadata document from the following URL:

https://app.skeddly.com/Content/saml/skeddly-metadata.xml

SAML Assertion Response Requirements

Signed: All SAML assertion responses must be signed using your IdP's signing key.
Audience: The audience must be set to "https://app.skeddly.com/".
NameId: The name ID must be present.
Assertion Consumption Endpoint: https://app.skeddly.com/sso/saml/ (POST only)

Required Attributes

https://skeddly.com/SAML/Attributes/Roles

This attribute must be a comma-separated list of the following:

  • One and only one SRN of your Skeddly identity provider. This can be copied from your identity provider's "view" page in your Skeddly account.

  • One or more SRNs of Managed Policies to be applied to the user when they are signed in. These SRNs can be found in the Managed Policies pages in your Skeddly account.

For example, the value for this attribute could be:

srn:skeddly:idp::012345678:my-idp, srn:skeddly:policy:::standard
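
The audience, NameId and Roles requirements above can be checked against an assertion captured from your IdP before you rely on it. The following is an added example, not Skeddly's own code: it does not verify the signature (that needs an XML signature library and your IdP's certificate), and it assumes identity provider and policy SRNs are distinguished by the prefixes seen in the example value.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://app.skeddly.com/"
ROLES_ATTR = "https://skeddly.com/SAML/Attributes/Roles"

# Constructed sample assertion (unsigned, structure only); not real IdP output.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{AUDIENCE}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{ROLES_ATTR}">
  <saml:AttributeValue>srn:skeddly:idp::012345678:my-idp, srn:skeddly:policy:::standard</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""


def check_roles(value):
    """Return problems with a Roles value (comma-separated list of SRNs)."""
    srns = [s.strip() for s in value.split(",") if s.strip()]
    # Assumption: SRN kinds are told apart by the prefixes in the page's example.
    idps = [s for s in srns if s.startswith("srn:skeddly:idp:")]
    policies = [s for s in srns if s.startswith("srn:skeddly:policy:")]
    problems = []
    if len(idps) != 1:
        problems.append(f"need exactly one identity provider SRN, found {len(idps)}")
    if not policies:
        problems.append("need at least one Managed Policy SRN")
    if len(idps) + len(policies) != len(srns):
        problems.append("unrecognised entry in Roles list")
    return problems


def check_assertion(xml_text):
    """Return problems found in a decoded assertion; an empty list means none."""
    root = ET.fromstring(xml_text)
    problems = []
    if AUDIENCE not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append(f"audience is not {AUDIENCE}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    roles = [v.text or "" for a in root.findall(".//saml:Attribute", NS)
             if a.get("Name") == ROLES_ATTR
             for v in a.findall("saml:AttributeValue", NS)]
    if len(roles) != 1:
        problems.append(f"need one Roles attribute value, found {len(roles)}")
    return problems + (check_roles(roles[0]) if len(roles) == 1 else [])
```
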

Optional Attributes

https://skeddly.com/SAML/Attributes/NameIdOverride 

Use this attribute to override the name displayed in Skeddly after the user is signed in. By default, the NameId value is used. If you want a friendlier name shown, use this attribute to override it.
