Overview
Sococo users can configure Single Sign-on (SSO) for their Sococo application using Security Assertion Markup Language (SAML). It allows users to have a custom URL and use their company email address to log in.
Prerequisites
Supported Environments
The Sococo SAML/SSO option supports the following two environments:
- Google Accounts
- Microsoft Azure (note: Microsoft ADFS is different and unsupported)
Solution
The SAML/SSO option allows users within an organization to log in via any SAML 2.0-compliant identity provider (such as Active Directory, Okta, OneLogin, etc.) that they may have set up within their organization. It also allows an account to have its own personalized address for Sococo, i.e., <you>.sococo.com instead of app.sococo.com.
To configure SAML/SSO, please follow the steps below.
- Go to the menu icon at the top left of Sococo and select Settings.
- Select Organization Settings and then expand the Authentication section.
- If your organization has been properly configured by Sococo, you will see the following message highlighted in green, providing your organization's custom login URL.
If you see the following yellow message to request your custom login URL, please contact Support to have a custom URL provisioned for your Sococo organization. Please provide the URL that you would like to use in the form <custom_part>.sococo.com.
- Select CONFIGURE for the SAML Authentication option.
- Provide appropriate input into the Configure SAML Authentication dialog, as explained below.
You can review the following instructions:
- Enable user access with SAML authentication.
- Signature Algorithm: Select the appropriate signature algorithm for your identity provider.
- ACL: Enter the SAML 2.0 endpoint from your identity provider in this field.
- Cert: Paste the entire public X.509 certificate from your identity provider into this field.
- Select Complete Configuration to complete the process.
Note: You can have multiple Authentication methods enabled simultaneously (e.g., using SAML Authentication along with Sococo's Built-in Authentication). In this case, selecting Make Primary for an authentication method will determine which of the methods is presented as the primary login option to users. Other methods will then be available via the more ways to login option on the login screen. If you want users to always log in using SAML/SSO, click the Configure button next to Sococo's Built-In Authentication and toggle it from Enabled to Off.
If you want both authentication methods enabled, please note that email invites to join a space cannot be claimed if SAML is set to primary. To onboard new users via invites, Sococo's Built-in Authentication should be made the primary authentication method. SAML users can sign in using the "More ways to login" option.
Testing
End-User Account Binding
Upon changing authentication methods, Sococo will send an email to current members of the Sococo organization that will help them bind or merge identities across previous and new authentication providers.
End-User Login
End users will experience the following when logging into Sococo.
- Users for your organization will log in to Sococo via the custom URL configured for your organization.
- The authentication method for which the Make Primary option was selected during configuration will be prominently displayed as the primary authentication method.
- Other configured authentication methods are accessible via the More Ways to Login link on the login screen.