Single Sign On (SSO)

Enterprise customers have the option to integrate CardBoard with your organization’s Identity Provider using SAML, letting your users log in securely and easily using systems they already know.

How to get started

If you use Okta, CardBoard is on the Okta app store! Otherwise, we can provide you with all the information you need to connect your SAML system with CardBoard.

Either way, we’ll need a few details from you as well; specifically

  • SAML issuer ID (unique identify of your Identify Provider)
  • X.509 certificate or the fingerprint from the certificate
  • The SSO URL of your Identify Provider (optional)

Send this information to support@cardboardit.com to get started using SSO

CardBoard SSO Parameters

You may need these values to set up SSO with CardBoard on your side.

Single Sign On URL
https://app.cardboardit.com/users/saml/auth

Recipient URL
https://app.cardboardit.com/users/saml/auth

Destination URL
https://app.cardboardit.com/users/saml/auth

Audience Restriction
https://app.cardboardit.com/users/saml/metadata

Default Relay State
https://app.cardboardit.com/

Name ID Format
EmailAddress

Signature Algorithm
RSA_SHA256

Digest Algorithm
SHA256

 

Attribute Statements

firstName
The first name of the user

lastName
The last name of the user

firstLastName
The first and last name of the user

role
“collaborator” or “viewer” (optional)

New User Setup

Once integrated with SSO, you can control what new users to your organization have access to.  Our options include:

  • All of your users can access CardBoard.  They will receive the Collaborator role. (This is the default)
  • All of your users can access CardBoard. Their role is determined by the “role” attribute statement. If using the Okta store, set the “cardboardRole” attribute on your user profile.
  • Only users invited by a community admin (via the Manage Your Community page) can access CardBoard.  Their role is set as part of the invite.

How to log in using SSO

CardBoard supports both Identify Provider and Service Provider initiated SSO, meaning your users can start the log in process from your system or the CardBoard login page.

To use Service Provider initiated SSO, your users enter their domain here and then log in.