Skip to content
English - United Kingdom
  • There are no suggestions because the search field is empty.

How do I add SSO to the system?

In addition to logging in with Multi-Factor Authenticator, you can also implement SSO (Single Sign-On) to SpeakUp.

Before configuring SSO, the feature needs to be activated on our side. Please reach out to us if it hasn't been activated yet.

What is SSO?

SSO enables users to access multiple applications with a single set of login credentials, simplifying the authentication process.

To set up SSO you will need to have an Identity provider that supports SAML (Security Assertion Markup Language), like Google or Microsoft.

The successful implementation of SSO is a shared responsibility. We're here to provide guidance and support. However, the actual setup of SSO will be carried out on your side.

Setting up SSO:

  1. You will need to have an Identity provider that supports SAML.

  2. Only a user with the Administrator role can access the SSO configuration. We would recommend that you give this role to your IT expert.

  3. An Administrator then needs to fill in your SSO details (SAML configuration).

How to configure SSO (after we have activated SSO for you):

  1. Go to “System” on the menu then select “Configurations

    54858953-975f-48e0-a187-b3897f09d1fd

  2. Open the “Security” tab and click on the “Configure SSO” button.

    35095afb-7b61-4f0f-afa4-9a02b898f06a

  3. In the next screen, you will be given the SAML configuration details that you will need to fill in with your Identity provider (Microsoft, Amazon, etc.)

  4. Copy the provided SAML configuration details

    1. Identifier (Entity ID)

    2. Reply URL (Assertion Consumer Service URL)

  5. When you have configured your Identity provider, the “User attributes” will be available from your Identity provider.

  6. Fill the “User attributes” details in the following fields: this depends on your Identity provider. It can be either text or a URL.

    1. Given name (examples: firstname, name, givenname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname)

    2. Email (examples: primaryemail, email, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)

      431e5010-47ee-4635-8efd-1d496d00ab26

  7. Some Identity providers provide a metadata URL, others provide a document. In the case of a document, you need to make the file publicly accessible with a URL and paste the URL here.

  8. Copy the Federation metadata URL from your Identity provider and paste it to the URL field.

    721c3e9b-33a8-437f-b981-35ffcdb447cc

  9. In your Identity provider, give access to SpeakUp to all the accounts you want to allow access.

  10. Click on “Enable SSO”.

  11. From now on all users will log in via SSO.

 

  • SAML - based authentication

  • SpeakUp is hosted on AWS (Amazon Web Services)

  • Once enabled, SSO cannot be turned off from your side. Please contact us if you wish to disable it.

  • Be aware that the SSO certificate has an expiration date. It's crucial to renew it before the expiration to ensure uninterrupted service. In the event it surpasses expiration without renewal, please reach out to us by the buoy button to contact Support.