Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. It allows users to log into multiple applications with one set of credentials. This single sign-on (SSO) login standard has significant advantages over logging in using a username/password:
- No need to type in credentials
- No need to remember and update passwords
- No weak passwords
Most organizations already know the identity of users because they are logged into their Active Directory domain or intranet. It makes sense to use this information to log users into Officevibe.
SAML is very powerful and flexible, but the specification can be quite a handful. Our Engineering team will assist with the configuration.
You will have to create an application in the IDP (Identity Provider) with the configuration of our SP (Service Provider) to offer SAML authentication to your users.
Authentication requests must be signed with the SHA-256 algorithm. We do not support SHA-1 since it is too vulnerable to attacks.
Our SP configurations:
- EntityId: https://app.officevibe.com (or other depending on the environment)
- Assertion Consumer Service Url (ACS): https://app.officevibe.com/auth/saml2/Acs (or other depending on the environment).
You will have to provide the user's email during SAML authentication. The name of the claim to include for the email is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
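A pre-flight check you can run on a sample SAML response captured from your IdP before sending it our way. This is an added example, not Officevibe's own code. It assumes the SHA-256 requirement applies to the signature and digest declared in the response your IdP sends, and that `Destination` and `Audience` are expected to carry the ACS URL and EntityId listed above; `check_response` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# SP values from this page (production environment).
SP_ENTITY_ID = "https://app.officevibe.com"
SP_ACS_URL = "https://app.officevibe.com/auth/saml2/Acs"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_response(xml_text):
    """Return mismatches with the SP settings (declared values only, no signature verification)."""
    root = ET.fromstring(xml_text)
    problems = []
    algs = [e.get("Algorithm", "") for tag in ("SignatureMethod", "DigestMethod")
            for e in root.iter(DS + tag)]
    if not algs:
        problems.append("response is not signed")
    # The common SHA-256 URIs (rsa-sha256, ecdsa-sha256, xmlenc#sha256) end in "sha256".
    problems += ["not SHA-256: " + a for a in algs if not a.endswith("sha256")]
    if root.get("Destination") != SP_ACS_URL:
        problems.append("Destination is not the ACS URL")
    audiences = [a.text.strip() for a in root.iter(SAML + "Audience") if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not contain the SP EntityId")
    emails = [v.text for a in root.iter(SAML + "Attribute")
              if a.get("Name") == EMAIL_CLAIM
              for v in a.iter(SAML + "AttributeValue") if v.text and v.text.strip()]
    if not emails:
        problems.append("email claim missing or empty")
    return problems

# Constructed sample response (signature value and certificate left out).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://app.officevibe.com/auth/saml2/Acs">
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
 </ds:SignedInfo></ds:Signature>
 <saml:Assertion><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://app.officevibe.com</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="email">
  <saml:AttributeValue>user@example.com</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE)))
```

The sample is deliberately misconfigured: it declares SHA-1 for both signature and digest and sends the email under a short attribute name instead of the full claim URI.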
Here's the URL for our metadata (XML file):
- Production: https://app.officevibe.com/auth/saml2/
- Sandbox: https://sandbox.officevibe.com/auth/saml2/
Our engineering team will need your metadata to assist in the configuration.
- We only support SAML 2.0
- We only support the IDP Initiated flow (there is no user-friendly URL to authenticate users)
- There is no Single Log Out (a user logging out of Officevibe will not be logged out of the system doing the SAML authentication)
- Authentication requests must be signed with the SHA-256 algorithm.
One-time fee that covers the setup: $3000 USD
Other SSO options:
- Syncing with Office 365 / Active Directory
- Syncing with Slack
- Syncing with Google
- Syncing with Yammer