Skip to main content
Sign in
Dansk Deutsch Nederlands

Implementation SSO - Workspace

  • Updated

You can use Single Sign-on (SSO) via a SAML2 implementation, provided this functionality has been enabled for your workspace. You set up SSO for the workspace and/or mobile app separately. Want to set up SSO for the mobile app? Take a look here.

Good to know:

  • In the examples below, we will assume Microsoft Entra ID as an identity provider (IdP).
  • You will probably need to involve your company's IT department in enabling SSO. They will probably need to do the necessary configuration on their end.
  • If you enable SSO, you can no longer manage users through our platform. This goes through the IdP. Only exception to this is, for example, an external person who is not in the IdP, such as an editor of the podcast.
  • The implementation of SSO makes extensive use of groups within Springcast PRO. You can find out more about groups within the workspace here.
  • When setting up SSO, you also specify the domain. This domain must be unique across all workspaces in Springcast PRO. So you cannot link 2 workspaces to 1 domain.
  • Currently, only the workspace owner/owner can set up SSO.

IdP preparations

A number of preparations are needed within the identity provider . These preparations will probably have to be done by the IT department.

Groups

Access to Springcast PRO Workspaces or the Mobile App is done on the basis of groups. The groups you create within the IdP can be matched with the groups within Springcast PRO. Every time a user logs in, the groups are set.

There are a number of default groups within Springcast PRO Workspaces. These groups determine which functionality/abilities the respective user has within the workspace. More information about these groups can be found here. Our advice is to create these groups within the IdP as well. For example:

  • springcast_pro_workspaces_publishers
  • springcast_pro_workspaces_teammembers
  • springcast_pro_workspaces_finances
  • etc. etc.

You can later match/map the group ids with the groups within Springcast PRO Workspaces. You do this in the SSO Settings.

Users

Place the user(s) in the relevant group. In addition, the following information is required per user: Display name, First name, Last name, User principal name, Email. This information is provided via claims when logging in. You can use any other fields for this - when creating the application in the IdP.

Creating application in the IdP

  • Are you using Microsoft Entra ID? Continue with this guide: Implementation SSO: Microsoft
  • Are you using Okta? Continue with this guide: Implementation SSO - Okta
  • Are you using something else? You can continue with either one, since it contains the information that you need to the implementation, although it could be that some of the naming/steps are different in the IdP you are using.

Get started!

SSO is now configured and can be used by your organisation's employees. Tip: when testing, do so in a different browser or in an incognito window, for example. In the unlikely event of an error in the settings, you will still be logged in to PRO and can make the necessary adjustments.

In the unlikely event of problems, please contact us!

 

Related articles