Summary
SAML Single Sign-on (SSO) enables you to log in to Content Workflow with credentials managed by your organization’s identity provider (e.g., Microsoft Azure, Google Suite).
Content Workflow supports SP-initiated SAML authentication with HTTP POST binding. Ensure your identity provider supports HTTP POST bindings.
Who?
This article applies to customers on the Stand Alone Content Workflow plan.
Once enabled, users with the Portal Settings or Manage Login Configuration permissions can create and manage SAML SSO profiles and flows.
Why?
Bynder offers the best security options for all users. This specialty plan is no different.
Implementing SAML SSO can save a lot of time for users and administrators. SAML SSO's primary role in online security is that it enables you to access multiple web applications using one set of login credentials.
With SSO, anyone in your network can simply click the SSO button on the portal's login page to quickly log in.
How?
Content Workflow requires the first name, last name, and email attributes to work. Start by making sure these attributes are set in your identity provider.
Information | Attribute claim name |
---|---|
Email address (used to identify users) | |
First Name | firstname |
Last Name | surname |
The default role is applied to new registrants when they register on Content Workflow via SAML SSO. Users can still be updated inside the Content Workflow account via the People & Groups tab.
- Log into your Content Workflow account > Click your User settings dropdown > Account Settings.
- Click on the SSO tab.
- If you don’t see the SSO tab, this feature may not be available in your current plan. Contact customer support for assistance.
- Click Setup SSO.
- Copy the information in the following fields and add them to your Identity provider:
- Service Provider ACS URL
- Service Provider Identifier
Setting Up SSO In Microsoft Azure
- To add Content Workflow as a non-gallery app in Microsoft Azure, follow the setup instructions in the Azure AD interface. This will create the application and allow you to set up the information on the next screen.
- Map Attributes Between Microsoft Azure and Content Workflow

Microsoft Azure Terminology | Content Workflow Terminology |
---|---|
Identifier (Entity ID) | Service Provider Identifier |
Reply URL | Not Required |
Sign-on URL | Service provider ACS URL |
Relay State | Not Required |
Logout URL | Not Required |

- Note: Content Workflow uses 'email address' as the unique identifier. If a user's email address changes in their identity provider, Content Workflow will create a new user when they log in to the platform.
- Copy the following fields for the identity provider issuer:

Microsoft Azure Field Name | Content Workflow Field Name |
---|---|
Login URL | SAML 2.0 Endpoint (HTTP) |
Azure AD Identifier | Identity provider issuer |
Validating SAML SSO Settings In Microsoft Azure
- After configuring all fields, click Validate SAML Settings.
- You’ll be redirected to the Microsoft Azure portal to confirm the setup. A successful login will allow SSO activation for the account.
When activated, SAML SSO will require all users to log in using SAML SSO, notify all existing users by email, and allow new users to sign up via the identity provider.
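A pre-activation check for the settings above, as an added example that is not Bynder's or Microsoft's code: it lints a test SAML Response, as delivered over HTTP POST binding, for the mapped values (Service Provider ACS URL, Service Provider Identifier, identity provider issuer) and the required claims. The sample response and every example.test URL are constructed, the email claim name is a placeholder because this page does not state it, and the script does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAME_CLAIMS = ("firstname", "surname")  # claim names from the attribute table

def decode_post_binding(form_value):
    """HTTP POST binding carries the Response base64-encoded in SAMLResponse."""
    return base64.b64decode(form_value).decode("utf-8")

def lint_response(xml_text, acs_url, sp_identifier, idp_issuer, email_claim):
    """List configuration problems in a decoded SAML Response.
    Configuration lint only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != Service Provider ACS URL")
    issuer = root.findtext("a:Assertion/a:Issuer", default="", namespaces=NS)
    if issuer.strip() != idp_issuer:
        problems.append("Issuer != Identity provider issuer")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if sp_identifier not in audiences:
        problems.append("Audience != Service Provider Identifier")
    claims = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("a:AttributeValue", NS)]
        claims[attr.get("Name")] = [v for v in values if v]
    # email_claim is caller-supplied: this page does not give its claim name.
    for claim in NAME_CLAIMS + (email_claim,):
        if not claims.get(claim):
            problems.append(f"missing or empty claim: {claim}")
    return problems

# Constructed sample (not a real capture); the surname claim is deliberately absent.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.test/acs">
  <a:Assertion><a:Issuer>https://idp.example.test/issuer</a:Issuer>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://sp.example.test/id</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement>
      <a:Attribute Name="firstname"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
      <a:Attribute Name="EMAIL-CLAIM-PLACEHOLDER"><a:AttributeValue>ada@example.test</a:AttributeValue></a:Attribute>
    </a:AttributeStatement></a:Assertion></p:Response>"""

if __name__ == "__main__":
    form_value = base64.b64encode(SAMPLE.encode()).decode()  # as posted to the ACS URL
    print(lint_response(decode_post_binding(form_value), "https://sp.example.test/acs",
          "https://sp.example.test/id", "https://idp.example.test/issuer", "EMAIL-CLAIM-PLACEHOLDER"))
```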
Disabling SAML SSO
- Go to Account Settings and navigate to the SAML SSO tab.
- Click Turn off SAML SSO.
When disabled:
- Users without a password will be prompted to set one.
- All users will receive an email notification.
- Users will need to log in with their username and password.
Related Articles
How To Configure SAML Single Sign-on (SSO)
Level: Expert
Expert-level articles are for users who have significant prior Bynder knowledge. These articles require you to know a lot of Bynder information and may also require higher-level portal rights to accomplish the task outlined within the article.