If you are going to change the subdomain of a ScreenSteps site and Single Sign-on (SSO) is configured for that site, then you will need to update the SSO settings in your SSO provider (e.g. Azure, Google, or Salesforce). This article will walk you through the process.
A ScreenSteps site can only be associated with a single subdomain. Once you change the subdomain in your Site settings, the url for your site and the associated ScreenSteps SAML/Remote Consumer URL will change immediately.
Your SSO setup will no longer work until you update your SSO provider settings with the new SAML/Remote Consumer URL.
Did you configure your SSO provider with a metadata XML file or a URL?
Some services like Azure, Google Apps or Salesforce allow you to configure an SSO integration using the SAML Consumer URL that ScreenSteps generates for your site or account SSO configuration. This may be referred to as an ACS URL or a Sign-on URL.
If you are using Remote Authentication rather than SAML then you configured your server to use the Remote Consumer URL that ScreenSteps generates for your site or account SSO configuration.
Other services, such as PhenixID, have you upload a metadata XML file which contains your ScreenSteps Entity ID and ScreenSteps Remote SAML Consumer URL.
Locate where you will enter the URL in your SSO provider
If you are using SAML and you need to review where the ScreenSteps SAML Consumer URL was entered you can refer to the instructions in one of our SAML setup guide.
If you are using Remote Authentication then locate where you server is using the ScreenSteps Remote Consumer URL.
Prepare a new metadata file
You will need to create a new metadata file to upload to your SSO provider. You will find the template and instructions in our Metadata for your identity provider article. You can create a new metadata file and enter the Entity ID as described in the instructions. Do not update the Remote Consumer URL yet. You will do that after you change the subdomain for your site.
Locate where you will upload the metadata file in your SSO provider
Make sure that you know where you will upload the metadata file within your SSO provider interface.
Locate where you will download a new X.509 SAML Certificate
If your SSO endpoint in ScreenSteps is configured using SAML then you will need to download a new certificate after you update your SAML provider with your new subdomain settings.
Take a look at our article on Uploading a new X.509 SAML Certificate to your ScreenSteps Authentication Endpoint and locate where in your SSO provider you will download the certificate. This will ensure that you can update your certificate quickly after updating your subdomain in ScreenSteps.
Update subdomain for your site
Now that you know where you will need to update your SSO information, you can change the subdomain for your site by following the instructions in the Create a custom subdomain in ScreenSteps article.
Locate the updated SAML/Remote Consumer URL
Now that you have updated your site subdomain the SAML Consumer URL or Remote Consumer URL for your site SSO setup will have changed. You will find the new url in the Site Settings > Single Sign-on section. The SAML/Consumer URL is listed at the bottom of the Single Sign-on settings page.
Update the SAML/Remote Consumer URL
You can now update the URL used in your SAML provider or on your own Remote Authentication server.
Upload a new SAML Certificate
If your SSO endpoint is set up for SAML you should now download a new X.509 certificate from your provider and upload it to ScreenSteps.
Test logging in to your ScreenSteps site
After updating the URL in your SSO provider you should be able to log into your ScreenSteps site using your SSO credentials. If you encounter any problems please contact [email protected].