Using SAML you can streamline access to start.me, by enabling users to log in with their existing work accounts. Whether you're utilizing Okta, OneLogin, JumpCloud, ADFS, or another IdP, integration is straightforward.
In order to configure SSO for your Enterprise, follow these steps:
- Step 1: Add new IdP (Identity Provider) to start.me
- Step 2: Configure start.me as an application in your IdP
- Step 3: Configure IdP in start.me
- Change the label of the login button
- Test the login flow
- Skip the login screen
- Automatically Enroll Users in the Right Enterprise Teams
What is SAML?
SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. This integration provides single sign on for SAML and start.me, allowing you to use your SAML credentials to authenticate in start.me.
Step 1: Add new IdP (Identity Provider) to start.me
To configure a new SAML2 integration, the administrator can go to the Enterprise Admin Panel → Authentication → Single Sign-On (SSO) → click "Add".
While adding a new IdP you can select one of the popular IdP's:
[ Back to menu ]
Step 2: Configure start.me as an application in your IdP
Some IdP's allow you to automatically configure the SAML2 integration by a metadata file. You can get the start.me metadata file by going to the Metadata URL mentioned below.
Metadata URL | https://yourteamdomain].start.me/users/auth/saml2/metadata?id=[auth-id] |
Callback/ACS URL | https://[yourteamdomain].start.me/users/auth/saml2/callback?id=[auth-id] |
Recipient | https://[yourteamdomain].start.me/users/auth/saml2/callback?id=[auth-id] |
EntityID | startme |
Required attributes |
|
Example SAML-envelope:
[ Back to menu ]
Step 3: Configure IdP in start.me
Go to Enterprise Admin Panel → Authentication → and click "Configure" next to the IdP you created in step 1. Here you can upload the metadata file generated by the IdP. The following fields need to be specified:
- SAML 2.0 Endpoint (HTTP)
- IdP Entity ID
- Public Certificate
[ Back to menu ]
Change the label of the login button
Finally, you are able to configure the look and feel of the Login button that will be shown to users on the sign-in screen of your team portal.
Test the login flow
After you have configured your IdP, you can test the login flow by clicking "Open test page" in the menu.
This will open a new browser window with test instructions. You will need to copy the URL and open it in a new Incognito Window.
[ Back to menu ]
Skip the login screen
After you configured your IdP, you can select it as the default login method and thereby bypass the start.me login screen for your users. Instead of the start.me login screen, users will immediately be redirected to the IdP login screen.
[ Back to menu ]
Automatically Enroll Users in the Right Enterprise Teams
You can effortlessly assign your Enterprise teams to members when they sign in through Single Sign-On (SSO). To set up this seamless process, follow these steps:
- Include a "groups" attribute in SAML: Ensure the SAML response includes a "groups" attribute indicating user group membership.
- Send us an email with the mapping of group names to your start.me Enterprise teams.
Example Scenario:
When John Doe (john@doe.com) logs in via SSO, and his "groups" attribute shows 'Marketing' and 'Sales', we'll automatically place him in the 'Marketing Team' and 'Sales Team' as per your mapping."
[ Back to menu ]
Please contact support@start.me for more information about getting SAML2 integrated on start.me.
Comments
0 comments
Article is closed for comments.