SAML SSO Setup

Prerequisites

To set up SSO on SpotDraft, you need:

  • A SpotDraft account with Admin access.
  • An account with your chosen Identity Provider (IdP) that supports SAML 2.0.

Setting up SAML 2.0 SSO on SpotDraft

Step 1:

Log in to SpotDraft and navigate to Settings → Security and Identity.

Step 2:

Select the SAML SSO card under the ‘Authentication’ tab.

Step 3:

Based on the IdP used, you can use either of the following options:

  • Copy the Sign-on URL and Audience URL present on the screen
  • Download the SP Metadata file from the IdP configuration section

These values will be used in subsequent steps.

Configuring your Identity Provider (IdP)

The configuration process may differ between IdPs. Here's a general outline:

  1. Log in to your IdP's admin portal.
  2. Set up a new SAML application using the following information:
    • Sign-On URL (generated in Step 3 above)
    • Audience URL (generated in Step 3 above)
    • Name ID Format (default value will be ‘EmailAddress’)
    • Application Username (default value will be ‘Email’)

Use these detailed setup documents for popular IdPs supported by SpotDraft:

👉🏻 Azure SSO

👉🏻 Okta

👉🏻 OneLogin

💡 If your IdP is not listed above, contact their Support team for the next steps.

Complete the configuration on SpotDraft

Based on the IdP used, you can use either of the following options:

  • Copy the Single Sign-on URL, Logout URL, IdP Entity Id and IdP Certificate values from the IdP and paste them into the relevant fields on SpotDraft.
  • Download the Metadata file from your IdP and upload it to the ‘SP Configuration’ section.

Then click on Save and enable.

Testing your SSO integration

Once SSO is configured, it's essential to test the integration to ensure everything is working as expected. Perform the following tests:

  1. For IdP-initiated login: Log in using SSO from your IdP dashboard.

  2. For SP-initiated login: Go to SpotDraft’s login page and click on ‘Sign In With SSO’. Enter your email address and click on ‘Sign In’.


FAQs

Q: What is the SSO URL?

A: The SSO URL is the Single Sign-On URL where the SAML assertion is sent by the IdP to authenticate the user.

Q: What is the SLO URL?

A: The SLO URL is the Single Logout URL where the SAML LogoutRequest is sent to initiate a user's single logout.

Q: Can OAuth and SAML work simultaneously?

A: Yes, they can, but you can also choose not to. Contact SpotDraft support to learn more.

Q: Can we make a few users log in via SAML and a few users log in via username and password?

A: No, this is not possible.

Q: Can we connect more than one SAML SSO application?

A: No.

Q: Is there any SSO SAML provider that SpotDraft doesn't support?

A: SpotDraft supports most SAML 2.0 compliant IdPs. If you encounter issues with any providers listed in the document above, please contact SpotDraft support.

Q: How do users log in to SpotDraft using SAML SSO?

A: Users can log in to SpotDraft using SAML SSO by entering their email address in the login screen and leaving the password field empty. They will be redirected to sign in via their IdP.
