Single Sign On (SSO) allows the user to log into Steeple without having to use a new password. It also allows just-in-time provisioning, that is, automatically creating a user in your community at the first login.

However, if you use JIT, users will not be prompted to log in via SSO on each visit. Administrators should delete these users manually when needed.

Configuring your Identity Provider

For the moment, administrators are not able to configure SSO on the platform.

You should send an email to security@steeple.fr with this information:
1 - Your IdP XML metadata file (or the individual fields: certificate or thumbprint, IdP entity ID, sso_target_url, your name ID format...)
2 - Your Steeple community

And we will send you back the service provider information.

Some notes:
- Prefer the persistent name ID format (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent) because it is used as a unique key in Steeple and it should not change when, for example, an employee has their name changed.
- We support both IdP-initiated and SP-initiated login.
- Just-in-time provisioning will be automatically enabled, meaning a Steeple account will be created at first login.
- If a user is already logged in to Steeple and creates a SAML login, it will not create a new Steeple account; it will merge both accounts.
- It does not work in the Android and iOS apps for the moment, only in a browser. Our app is very responsive: you can use your mobile browser and add the app to your home screen for a very similar experience.
- Users are still allowed to add a password in Steeple and then log in to Steeple with this password, so they can add a password in their browser and then use the native app with the password.

Attributes mapping

Email (required) : email, mail
First name : first_name, firstname, firstName
Last name : last_name, lastname, lastName
Birthday : birthday
Seniority Date : seniority_date
Biography : biography
Phone Number : phone_number

Tutorials

For the moment, Steeple is not integrated into any IdP catalog (Okta Catalog, Azure AD Gallery, OneLogin App Store, GSuite SAML apps catalog, etc.). You should add a custom SAML app. Here is a list of tutorials for multiple IdPs you might use:

Azure - on steeple.fr - on microsoft.com
G Suite - on steeple.fr - on google.com
Okta - on steeple.fr - on okta.com
ADFS - on microsoft.com
Auth0 - on auth0.com
JumpCloud - on jumpcloud.com
OneLogin - on onelogin.com
Ping Identity - on pingidentity.com