Configuring Sococo SAML/SSO
The SAML/SSO option allows users within an organization to log in via any SAML2 compliant identity provider (such as Active Directory, Okta, OneLogin, ...many others) that they may have setup within their organization. It also allows an account to have their own address for Sococo, ie you.sococo.com rather than app.sococo.com.
These steps are executed by the customer (Administrator privileges are required).
1. An Admin can go to the ≡ menu icon at the top left of Sococo > Settings > Organization Settings and then expand the Authentication section. If your organization has been configured properly by Sococo, you will see the following message highlighted in green:
If you see the following yellow message, you must contact your Sococo account manager to have a custom URL provisioned for your Sococo organization. If you do not know who your account manager is, Sococo Support can connect you with the appropriate person to set this up for you.
2. Select Configure for the SAML Authentication option.
3. Provide appropriate inputs into the Configure SAML Authentication dialog:
a. Signature Algorithm: select appropriate signature algorithm for your identity provider.
b. ACL: Enter the SAML 2.0 endpoint from your identity provider in this field.
c. Cert: Paste the entire public x.509 Certificate from your identity provider into this field.
4. Turn on Enabled
5. Select Complete Configuration
Note: You can have multiple Authentication methods enabled simultaneously (e.g. SAML Authentication and Sococo's Built-in Authentication). In this case, selecting "Make Primary" for an authentication method will determine which of the methods is presented as the primary login options for users. Other methods will then be available via the "more ways to login" option on the login screen. If you want users to always login using SAML/SSO, click the "Configure" button next to "Sococo's Built-In Authentication" and toggle enabled to off.
End-User Account Binding
Upon changing authentication methods, Sococo will send an email to current members of the Sococo organization that will help them 'bind' or merge identities across previous and new authentication providers.
End users will experience the following when logging into Sococo.
1. Users for your organization will login to Sococo via the custom URL configured for your organization.
2. The primary authentication method will be prominently displaced (i.e. the authentication method with Make Primary was selected during configuration).
3. Other configured authentication methods are accessible via the More Ways to Login link on the login screen)