SAML Settings

This article will show you how to create a Single Sign-on (SSO) endpoint that can be used to log users into ScreenSteps using an external service. By default an SSO endpoint will work with *.screenstepslive.com URLs (e.g. YOUR-ACCOUNT.screenstepslive.com).

If you are using host mapping with a site and would like to use SSO with that site then please do the following:

  1. Set up your SSO endpoint and assign a single site to it. The site should have host mapping set up.
  2. Email us with the URL of the site and we will finish setting things up for you.

1. Create Single Sign-on Endpoint

  1. Click on Account
  2. Click on Single Sign-on
  3. Click on Create Single Sign-on Endpoint

2. Choose your site and create the connection

  1. Make sure you have set your mode to SAML.
  2. Remote login url - This is the URL that ScreenSteps redirects to when a SAML request is made. This should be provided to you by your SAML provider.
  3. Log out url - This is optional. It is a URL that your users will be taken to once they log out of ScreenSteps.
  4. Create the Endpoint

3. Upload the SAML Certificate file

  1. X.509 certificate - You need to get this certificate file from your SAML provider and upload it to ScreenSteps.
  2. SAML Consumer URL - Use this URL to test your SAML settings.
  3. SAML Test URL - Use this URL to test that your SAML settings work (after you save them and configure your identity provider).
  4. Once you have entered all of your settings, select Update.

4. Metadata for your identity provider

If your identity provider needs you to enter metadata for ScreenSteps, use the SAML Consumer URL shown above.

For the Entity ID use ScreenSteps-Live.

Here is the XML metadata for ScreenSteps. Be sure to replace the {{ }} placeholder with your SAML Consumer URL:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="ScreenSteps-Live">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="false">
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{replace with your ScreenSteps SAML Consumer URL }}" isDefault="true" index="0" />
   </md:SPSSODescriptor>
</md:EntityDescriptor>
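
As an added example (not ScreenSteps code), this Python script fills the template above with your SAML Consumer URL and checks the result before you give it to your identity provider. The function names, the `__ACS__` stand-in for the `{{ }}` placeholder and the sample URL are assumptions made for the example.

```python
from urllib.parse import urlsplit
from xml.sax.saxutils import quoteattr
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Template copied from the article; __ACS__ stands in for the {{ }} placeholder.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="ScreenSteps-Live">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="false">
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=__ACS__ isDefault="true" index="0" />
   </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def build_metadata(consumer_url: str) -> str:
    """Return the metadata XML with the SAML Consumer URL inserted."""
    url = consumer_url.strip()
    parts = urlsplit(url)
    # Assertions are POSTed to this URL, so refuse plain HTTP or a missing host.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"SAML Consumer URL must be an absolute https URL: {url!r}")
    if "{{" in url or "}}" in url:
        raise ValueError("placeholder braces left in the URL")
    # quoteattr() adds the quotes and escapes &, < and > so the XML stays well-formed.
    return TEMPLATE.replace("__ACS__", quoteattr(url))


def acs_location(metadata_xml: str) -> str:
    """Parse the metadata back and return the AssertionConsumerService Location."""
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    if root.get("entityID") != "ScreenSteps-Live":
        raise ValueError("unexpected entityID")
    acs = root.find(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if acs is None:
        raise ValueError("AssertionConsumerService element missing")
    return acs.get("Location")


if __name__ == "__main__":
    # Constructed sample URL; use the SAML Consumer URL shown in your own settings.
    print(build_metadata("https://YOUR-ACCOUNT.screenstepslive.com/example/consume?a=1&b=2"))
```
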

5. Add to Site
