Single Sign On (SSO)
Enterprise customers have the option to integrate CardBoard with your organization’s Identity Provider using SAML, letting your users log in securely and easily using systems they already know.
How to get started
If you use Okta, CardBoard is on the Okta app store! Otherwise, we can provide you with all the information you need to connect your SAML system with CardBoard.
Either way, we’ll need a few details from you as well; specifically
- SAML issuer ID (unique identify of your Identify Provider)
- X.509 certificate or the fingerprint from the certificate
- The SSO URL of your Identify Provider (optional)
Send this information to support@cardboardit.com to get started using SSO
CardBoard SSO Parameters
You may need these values to set up SSO with CardBoard on your side.
-
Single Sign On URL
Recipient URL
Destination URL
Audience Restriction
Default Relay State
Name ID Format
Signature Algorithm
Digest Algorithm
-
https://app.cardboardit.com/users/saml/auth
https://app.cardboardit.com/users/saml/auth
https://app.cardboardit.com/users/saml/auth
https://app.cardboardit.com/users/saml/metadata
https://app.cardboardit.com/
EmailAddress
RSA_SHA256
SHA256
Attribute Statements
-
firstName
lastName
firstLastName
role
-
The first name of the user
The last name of the user
The first and last name of the user
“collaborator” or “viewer” (optional)
New User Setup
Once integrated with SSO, you can control what new users to your organization have access to. Our options include:
- All of your users can access CardBoard. They will receive the Collaborator role. (This is the default)
- All of your users can access CardBoard. Their role is determined by the “role” attribute statement. If using the Okta store, set the “cardboardRole” attribute on your user profile.
- Only users invited by a community admin (via the Manage Your Community page) can access CardBoard. Their role is set as part of the invite.
How to log in using SSO
CardBoard supports both Identify Provider and Service Provider initiated SSO, meaning your users can start the log in process from your system or the CardBoard login page.
To use Service Provider initiated SSO, your users enter their domain here and then log in.