Single Sign On (SSO)

Enterprise customers have the option to integrate CardBoard with your organization’s Identity Provider using SAML, letting your users log in securely and easily using systems they already know.

How to get started

If you use Okta, CardBoard is on the Okta app store!  Otherwise, we can provide you with all the information you need to connect your SAML system with CardBoard.

Either way, we’ll need a few details from you as well; specifically

  • SAML issuer ID (unique identify of your Identify Provider)
  • X.509 certificate or the fingerprint from the certificate
  • The SSO URL of your Identify Provider (optional)

Send this information to support@cardboardit.com to get started using SSO

CardBoard SSO Parameters

You may need these values to set up SSO with CardBoard on your side.

  • Single Sign On URL

    Recipient URL

    Destination URL

    Audience Restriction

    Default Relay State

    Name ID Format

    Signature Algorithm

    Digest Algorithm

  • https://app.cardboardit.com/users/saml/auth

    https://app.cardboardit.com/users/saml/auth

    https://app.cardboardit.com/users/saml/auth

    https://app.cardboardit.com/users/saml/metadata

    https://app.cardboardit.com/

    EmailAddress

    RSA_SHA256

    SHA256

Attribute Statements

  • firstName

    lastName

    firstLastName

    role

  • The first name of the user

    The last name of the user

    The first and last name of the user

    “collaborator” or “viewer” (optional)

New User Setup

Once integrated with SSO, you can control what new users to your organization have access to.  Our options include:

  • All of your users can access CardBoard.  They will receive the Collaborator role. (This is the default)
  • All of your users can access CardBoard. Their role is determined by the “role” attribute statement. If using the Okta store, set the “cardboardRole” attribute on your user profile.
  • Only users invited by a community admin (via the Manage Your Community page) can access CardBoard.  Their role is set as part of the invite.

How to log in using SSO

CardBoard supports both Identify Provider and Service Provider initiated SSO, meaning your users can start the log in process from your system or the CardBoard login page.

To use Service Provider initiated SSO, your users enter their domain here and then log in.

Have questions? Ready to integrate?

CONTACT US