SAML-based Single Sign-On
Available for: Company plan
Set up by: Company Admin
Teams on the Company plan can set up SAML-based single sign-on (SSO), giving your team members access to RealtimeBoard through an identity provider (IdP) of your choice. You can choose a SAML 2.0 Identity Provider (IdP) to set up authentication within your secure network.
Once SSO is enabled for a certain team, its users cannot:
• log in to RealtimeBoard using a RealtimeBoard password
As a general rule, they are redirected to the login page managed by your identity provider when trying to access RealtimeBoard in their browser. If you have users who are members of several RealtimeBoard accounts, they will need to use the same corporate credentials to access all RealtimeBoard accounts.
Feel free to use any identity provider of your choice. For an easy way to configure SAML in a couple of clicks, here are some preset IdPs:
Step 1: Configure your identity provider
First, go to your identity provider's configuration panel and follow the provider's instructions to configure Single Sign-On. Please note that RealtimeBoard uses SAML 2.0 with the HTTP Redirect binding for SP to IdP and expects the HTTP POST binding for IdP to SP.
Here are the SAML parameters you'll need:
• the launch URL: https://realtimeboard.com/sso/saml
• the NameID containing the user’s email address
• additional attributes to be sent with the SAML assertion: FirstName, LastName, ProfilePicture
• the ProfilePicture attribute should be base64-encoded
• a signed SAML assertion
Step 2: Enable SSO/SAML in RealtimeBoard
To enable SSO for your RealtimeBoard company, go to Settings > Security and specify the following values:
1. SAML 2.0 Endpoint URL (HTTP)
2. Public Key x.509 Certificate
3. The list of domains allowed to authenticate via your SAML server. Public domains (e.g. @gmail.com, @outlook.com, etc.) are not allowed.
If you want to test SSO without affecting other users of your domain please contact email@example.com to create a test account for you. Only those who configure SSO will be added to this test account.
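As an added example (not RealtimeBoard's code), this Python check runs a test assertion captured from your own IdP against the Step 1 parameters and the Step 2 domain rule before you enable SSO. The sample assertion, the `corp.example` domain and the name `check_assertion` are constructed for illustration; the check only confirms that a signature element is present and does not verify it.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_ATTRS = ("FirstName", "LastName", "ProfilePicture")
PUBLIC_DOMAINS = {"gmail.com", "outlook.com"}  # the two examples the page names

# Constructed sample (not a real IdP response); signature body elided on purpose.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature/>
 <saml:Subject><saml:NameID>alice@corp.example</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
 <saml:Attribute Name="FirstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="ProfilePicture"><saml:AttributeValue>iVBORw0KGgo=</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""

def check_assertion(xml_text, allowed_domains):
    """Return a list of problems; an empty list means the layout matches."""
    root = ET.fromstring(xml_text)
    a = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no saml:Assertion element"]
    problems = []
    # Presence check only; this does NOT verify the signature cryptographically.
    if a.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    name_id = a.findtext("saml:Subject/saml:NameID", "", NS).strip()
    local, _, domain = name_id.lower().rpartition("@")
    if not local or not domain:
        problems.append("NameID is not an email address")
    elif domain in PUBLIC_DOMAINS:
        problems.append("public domain not allowed: " + domain)
    elif domain not in {d.lower().lstrip("@") for d in allowed_domains}:
        problems.append("domain not in allowed list: " + domain)
    attrs = {x.get("Name"): x.findtext("saml:AttributeValue", "", NS)
             for x in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    problems += ["missing attribute: " + n for n in REQUIRED_ATTRS if n not in attrs]
    try:
        base64.b64decode(attrs.get("ProfilePicture", "").strip(), validate=True)
    except (binascii.Error, ValueError):
        problems.append("ProfilePicture is not valid base64")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ["corp.example"]) or "layout OK")
```

Use it only on assertions from your own IdP's test output; it is a layout check, not a validator for untrusted XML.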
Step 3: Configure Just In Time Provisioning for new users (optional)
To enable this option, tick the box and choose a team. All newly registered users from the listed domains will be automatically added to this team in your Company Account. This way, they can use RealtimeBoard from the very start, without waiting for someone to invite them to the team. We also adjust the onboarding flow for new users so that they do not end up creating trial team accounts.
Enable SSO/SAML page in the team account settings
Possible Issues and How to Resolve them
If your company is changing its domain name and the end users' email addresses (and therefore their SSO credentials) need to change, please reach out to our support team for assistance.