Squadcast supports SAML 2.0 based Single Sign On (SSO) login for Microsoft Active Directory users and you can set it for your organisation by following this integration guide.
- Account Owner / Administrator account in Squadcast
- A valid Squadcast subscription (Pro & Enterprise)
Points To Note
- Only an Administrator / Account owner can enable and configure Microsoft ADFS SSO for an organisation in Squadcast.
- Once enabled, only the Account owner can use email-password based login by default although it can be configured to enable email based login for Administrators as well.
- Go to the
Integrationstab from your Squadcast account sidebar and click on Integrate under SSO card.
- In the opened modal, select the Custom SAML 2.0 tab and click Show configuration guide for Custom SAML 2.0.
- As given in the displayed guide, copy the ACS url . Then log in to your server and go to
- Go to
- Click on
Add Relying Party Trust.
Claims Awareand click
Enter data about the relying party manuallyand click
- Enter the
Display name. Click
Configure Certificateand click
Enable Support for the SAML 2.0 Web SSO protocol. Enter the ACS url you copied from Squadcast. Click
- Paste the ACS url in
Relying party trust identifier. Click
Add. Then click
Access Control Policy. Click
Ready to Add Trust. Click
Next. Then Click
Edit Claim Insurance Policy.
Send LDAP Attributes as Claims. Click
Give a name. Select Attribute Store as
Active Directory. And map LDAP attributes to Outgoing Claim Type as shown below. Map
Add Rule. Select
Send Claims using Custom Rule. Click
Claim rule name. And enter the following
Custom rule. Click
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] => issue(Type = "last_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
- Repeat the Above step and add two more custom rules. Following are the two rules.
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] => issue(Type = "first_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(Type = "email", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
Point To Note
Make Sure the user accounts to be used for SSO have first name, last name and email configured.
In your ADFS management dashboard.Go to
Token Signing Certificateand Click
View Certificate. Go to
Details->Copy to Fileand and export the Der encoded binary X.509 certificate.
- Now convert the
.cerfile to a
.pemfile using the following command in Powershell.
openssl x509 -inform der -in certificatename.cer -out certificatename.pem
- Open the .pem file in text editor. Copy the contents and paste it in Squadcast under
X.509 Certificate. Then enter the
Saml 2.0Endpoint as https://<Your Domain Name >/adfs/ls
ADFS SSO is now configured. To test it you can go to https://<Your Domain Name>/adfs/ls/idpinitiatedsignon. Select Your application and sign in with your user account. You will be logged in to Squadcast and an user will be created.
Updated about a month ago