Single Sign On (SSO) allows the user to log into Steeple without having to use a new password. It also allows just-in-time provisioning, that is, automatically creating a user in your community at the first login.

However, if you use JIT, users will not be prompted to log in via SSO on each visit. Administrators should delete these accounts manually when needed.

Configuring your Identity Provider

For the moment, administrators are not able to configure SSO on the platform.

You should send an email to security@steeple.fr with the following information:
- Your XML IdP metadata file (or the individual fields: certificate or thumbprint, IdP entity ID, sso_target_url, your name ID format...)
- Your Steeple community

We will then send you the service provider information.

Some notes:
- Prefer the persistent name ID format (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent), because the name ID is used as a unique key in Steeple and should not change when, for example, an employee's name changes.
- We support both IdP-initiated and SP-initiated login.
- Just-in-Time provisioning will be enabled automatically, meaning a Steeple account will be created at first login.
- If a user is already logged in to Steeple and creates a SAML login, no new Steeple account is created; both accounts are merged instead.
- SSO does not work in the Android and iOS apps for the moment, only in a browser. Our app is very responsive: you can use your mobile browser, add the app to your home screen, and have a very similar experience.
- Users are still allowed to add a password in Steeple and then log in to Steeple with it, so they can add a password in their browser and then use the native app with that password.

Attributes mapping

Email (required): email, mail
First name: first_name, firstname, firstName
Last name: last_name, lastname, lastName
Birthday: birthday
Seniority Date: seniority_date
Biography: biography
Phone Number: phone_number
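
A pre-flight check for the attribute mapping and the name ID note above, as an added example that is not Steeple's code: it reads one SAML assertion captured from a test login at your own IdP and reports which Steeple fields would be filled and what is missing. Exact matching on each attribute's Name, the function name and the sample assertion are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Accepted attribute names per Steeple field, copied from the mapping on this page.
MAPPING = {
    "Email": ["email", "mail"],
    "First name": ["first_name", "firstname", "firstName"],
    "Last name": ["last_name", "lastname", "lastName"],
    "Birthday": ["birthday"],
    "Seniority Date": ["seniority_date"],
    "Biography": ["biography"],
    "Phone Number": ["phone_number"],
}
REQUIRED = {"Email"}

def check_assertion(xml_text):
    """Return (mapped, problems) for one assertion (hypothetical helper)."""
    # Use only on assertions from your own test login: ET is not hardened against hostile XML.
    root = ET.fromstring(xml_text)
    sent = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        sent[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    mapped, problems = {}, []
    for field, names in MAPPING.items():
        hit = next((n for n in names if sent.get(n)), None)  # assumption: exact Name match
        if hit:
            mapped[field] = sent[hit]
        elif field in REQUIRED:
            problems.append(f"missing required attribute for {field}: one of {names}")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in assertion")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID format is {name_id.get('Format')}, not persistent")
    return mapped, problems

# Constructed sample: the IdP sends the e-mail under a name that is not in the mapping.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">a.martin@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="emailAddress"><saml:AttributeValue>a.martin@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Running it on the constructed sample flags the two things to fix in the IdP before sending the metadata: the e-mail attribute name and the name ID format.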

Tutorials (Custom SAML apps)

from aide.steeple.fr

G Suite

on the internet

ADFS (Active Directory Federation Services) - Create a Relying Party Trust
Azure - Configuring single sign-on to applications
Auth0 - Auth0 as Identity Provider
JumpCloud - Single Sign On (SSO) with GitLab
Okta - Setting up a SAML application in Okta
OneLogin - Use the OneLogin SAML Test Connector
Ping Identity - Add and configure a new SAML application
G Suite (prefer the one from aide.steeple.fr) - Set up your own custom SAML application