- Step 1: Configuring Custom Domain
- Step 2: Configure ADFS
- Step 3: Filling in SAML Settings
- Step 4: Setting up User Access
What is Single Sign-On?
Single sign-on is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors.
SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. This certificate can be used to sign identity information that is being sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source.
Web applications are hosted by various companies and made available as a service. Some popular examples of web applications include Microsoft 365, GitHub, and Salesforce. There are thousands of others. People access web applications using a web browser on their computer. Single sign-on makes it possible for people to navigate between the various web applications without having to sign in multiple times.
Cloud applications can implement SSO using OpenID Connect, OAuth, SAML, password-based, or linked sign-on. Single sign-on can also be disabled.
Configuration steps for SAML Single sign-on setup
Step 1: Configuring Custom Domain
If you don’t have a custom domain for the Admin or video portal, you need to configure a custom domain for the video portal or admin panel on the Branding page. If it is configured already, please skip this step.
- Click on the “change” link on the Admin Portal page to open the Request dialog
- Fill in the required domain and send a request to our team by clicking the Submit button. It can take us up to 1 business day to process your request.
Step 2: Configure ADFS
Configure your ADFS to allow access from your custom domains (e.g. video-my-brand.3deye.me, admin-my-brand.3deye.me) using the following instructions:
Step 3: Filling in SAML Settings
Fill in the SAML settings of your identity provider on the Single sign-on page.
You can get the values for Service Provider Entity Id and Secret key from FederationMetadata.xml of your ADFS.
For example, if your ADFS has the address http://your.identity.provider, your federation metadata is at http://your.identity.provider/FederationMetadata.xml
Sign-in page URL:
Sign-out page URL: https://[SERVER]/adfs/ls/?wa=wsignout1.0
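One way to pull the Step 3 values out of FederationMetadata.xml and sanity-check them before entering them on the Single sign-on page. This is an added example, not part of the original guide or the platform's own code. The sample metadata and certificate placeholder are constructed, and mapping the metadata's entityID and signing certificate to the form's fields is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata; the certificate bytes are a placeholder, not a real cert.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://your.identity.provider/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://your.identity.provider/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode()


def extract_idp_settings(xml_bytes):
    """Return entity ID, sign-in URL and signing-cert fingerprint from IdP metadata."""
    # SAML metadata never needs a DTD; refuse it rather than risk entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    key = idp.find("md:KeyDescriptor[@use='signing']", NS)
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    # The certificate is base64 DER, usually wrapped across lines.
    der = base64.b64decode("".join(cert.text.split()))
    sso = idp.find(f"md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    sso_url = sso.get("Location") if sso is not None else None
    return {
        "entity_id": root.get("entityID"),
        "sign_in_url": sso_url,
        "signing_cert_sha256": hashlib.sha256(der).hexdigest(),
        # Sign-in traffic carries assertions; flag anything not served over TLS.
        "sign_in_is_https": bool(sso_url and sso_url.startswith("https://")),
    }
```

Compare the returned fingerprint against the token-signing certificate in ADFS itself, since metadata fetched over plain http can be altered in transit.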
- After setting up SSO in your integrator, your login page will have an image of your Identity provider at the bottom of the login form. For example:
Step 4: Setting up User Access
Create a user under your customer and make sure to use the same email address for the user as is assigned in your platform. Only a user with a guard role can be assigned. Set up the user with the same email as an existing user registered in your AD.
You must enable the option “External user” to allow sign-on using your AD.
The configuration is now complete. Users that are marked as External users will have to use your platform to be authenticated; they won't be able to log in directly to the video portal. Users that do not have the "External user" checkbox selected will be able to continue to use our platform normally and will be allowed to log in using our login pages.