Overview
What is SSO(Single sign-on)?
SSO is a feature that allows you to use your own Identity Provider(IdP) as the source of your members. In short, a member of your organization can log into the Sendbird account using the IdP credentials instead of Sendbird ID/Password.
*IdP(Identity Provider) : ex. Google, Facebook, Instagram, Fitbit, Microsoft, Box, Amazon Web Services(AWS)
Configure Single sign-on with SAML
- Sign into Dashboard with an owner / admin account of the organization you want to enable SSO.
- After you’ve configured your identity provider(Idp), you can configure SAML Single Sign-On(SSO) in your Dashboard > Organization settings > Access control page.
Click the SSO configure button.
- Fill in the values from your IdP.
You’ll need to enter your IDP Entity ID, SSO Endpoint URL and X.509 Public Certificate.
*** Note : Make sure you append ‘urn:’ in front of the Entity ID.**
JIT(Just-in-Time) Provisioning?
IdP provides you user information, but you still need to either
- Create a user on sendbird side or,
- Map an existing user to the IdP user
to allow access to the Dashboard.
JIT provisioning is the option to enable (a). Currently, without JIT provisioning, a user has to sign-up first using the same email address and then log-in using SSO to map the existing account to IdP user.
4. Click save, and take a note of the SP Entity ID and SP Service URL on the popup.
- SP Entity ID : https://sendbird.com
- SP Assertion Customer Service URL : https://gate.sendbird.com/sso/<Organization Key>/acs
5. Take a note of the Organization Key for sign in with SSO
6. Enter the organization key.
7. You will redirect to your IdP login page. Login with as the user you created.
(If you have not checked the JIT provisioning option, you’ll have to create a Dashboard user with the same email first and then log in.)
8. With the JIT provisioning enabled, you will get an activation link. Go to your mail box and follow the link.
9. Once you’ve set up SSO, all members will be able to sign in to Sendbird Dashboard with their own IdP account.
10. A new SSO user will define a default role which has view-only functionality. An admin can change/modify the role or permissions as needed directly from ‘Organization Setting > Members’ section of the SB Dashboard.