Squadcast supports SAML 2.0 based Single Sign On (SSO) login for Microsoft Active Directory users. You can set it up for your organisation by following this integration guide.
Pre-requisites
- Account Owner / Administrator account in Squadcast
- A valid Squadcast subscription (Enterprise)
Points To Note
- Only an Administrator / Account owner can enable and configure Microsoft ADFS SSO for an organisation in Squadcast.
- Once enabled, only the Account owner can use email-password based login by default, although it can be configured to enable email based login for Administrators as well.
Setup Instructions
- Go to the Integrations tab from your Squadcast account sidebar and click on Integrate under the SSO card.


- In the opened modal, select the Custom SAML 2.0 tab and click Show configuration guide for Custom SAML 2.0.


- As given in the displayed guide, copy the ACS URL. Then log in to your server and go to Server Manager.


- Go to Tools -> ADFS Management.


- Click on Add Relying Party Trust.


- Select Claims Aware and click Start.
- Select Enter data about the relying party manually and click Next.


- Enter the Display name. Click Next.


- Select Configure Certificate and click Next.


- Select Enable Support for the SAML 2.0 Web SSO protocol. Enter the ACS URL you copied from Squadcast. Click Next.


- Paste the ACS URL in Relying party trust identifier. Click Add. Then click Next.


- Select Access Control Policy. Click Next.


- In Ready to Add Trust, click Next. Then click Close.


- Click Edit Claim Issuance Policy.


- Click Add Rule.
- Select Send LDAP Attributes as Claims. Click Next.
- Give the rule a name. Select Attribute Store as Active Directory. Then map LDAP attributes to Outgoing Claim Type as shown below: map E-Mail-Addresses to E-Mail Address, Given-Name to Given Name and Surname to Surname. Click OK.


- Then click Add Rule. Select Send Claims using Custom Rule. Click Next.
- Give a Claim rule name and enter the following Custom rule. Click OK.


c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"]
=> issue(Type = "last_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
- Repeat the above step to add two more custom rules. The two rules are as follows.


c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"]
=> issue(Type = "first_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);


c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(Type = "email", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
Point To Note
Make sure the user accounts to be used for SSO have first name, last name and email configured.
- Click Apply.
- In your ADFS management dashboard, go to Services -> Certificates. Select Token Signing Certificate and click View Certificate. Go to Details -> Copy to File and export the DER encoded binary X.509 certificate.










- Now convert the .cer file to a .pem file using the following command in PowerShell.
openssl x509 -inform der -in certificatename.cer -out certificatename.pem
- Open the .pem file in a text editor. Copy the contents and paste them in Squadcast under X.509 Certificate. Then enter the Saml 2.0 Endpoint as https:///adfs/ls


- Enable SSO and click Save.
- ADFS SSO is now configured. To test it you can go to https:///adfs/ls/idpinitiatedsignon. Select your application and sign in with your user account. You will be logged in to Squadcast and a user will be created.
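To check during the test sign-in that the three custom rules emit what Squadcast expects, the following added example (not part of the Squadcast guide) decodes the SAMLResponse form field that the browser posts to the ACS URL and reports which of email, first_name and last_name are missing or empty. The function names and sample responses are constructed for illustration, and the script performs no signature validation.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim types issued by the three custom rules in this guide.
REQUIRED = ("email", "first_name", "last_name")


def assertion_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse (HTTP-POST binding)."""
    # Diagnostic only: no signature validation, and the input is expected to
    # come from your own ADFS test login, not from an untrusted party.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def missing_claims(saml_response_b64):
    """List required attributes that are absent or carry only empty values."""
    attrs = assertion_attributes(saml_response_b64)
    return [name for name in REQUIRED if not any(attrs.get(name, []))]


def _constructed_response(claims):
    """Build a minimal, unsigned SAMLResponse (constructed sample, not real ADFS output)."""
    rows = "".join(
        f'<Attribute Name="{n}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for n, v in claims.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
           '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
           f"<AttributeStatement>{rows}</AttributeStatement>"
           "</Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: a complete user, and a user whose AD account has no
# surname, so no surname claim exists for the last_name rule to match.
COMPLETE = _constructed_response(
    {"email": "jane@example.com", "first_name": "Jane", "last_name": "Doe"})
NO_SURNAME = _constructed_response({"email": "sam@example.com", "first_name": "Sam"})

if __name__ == "__main__":
    print("complete user missing:", missing_claims(COMPLETE))
    print("no-surname user missing:", missing_claims(NO_SURNAME))
```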



