SAML2 Configuration

Setting up SAML2 integration is a multi-step process that involves effort from both the customer’s and MeetingPulse’s engineering teams. It consists of configuring the Identity Provider (IdP) that the customer manages and authorizing that provider in MeetingPulse, which acts as the Service Provider (SP).

 

Setting up your SAML2 SSO

Prerequisites

  • A third-party Identity Provider (Okta, Azure, etc.)

  • A tenant created in the identity provider environment

Set-up 

  • Use our manifest (https://app.meet.ps/api/auth/saml2) to set up support for our SP on your side.

  • Set up the integration using the UI specific to your Identity Provider. Steps will vary depending on the third party; below is an example of an Azure setup.

  • Once the setup is completed on your end, please provide a link to your IdP manifest.

  • We will then whitelist your integration to finalize the SAML integration on our end.

Testing 

  • You should be able to see MeetingPulse in your list of apps in your SAML portal.

  • Alternatively, you can test the integration by visiting the login link:
    https://app.meet.ps/api/auth/saml2/login/<customer-alias>
    * customer alias will be provided by us

 

Example - SAML2 SSO with MS Azure

Prerequisites

  • A Microsoft Azure account

  • A tenant created in the Azure environment

  • Access to Azure Active Directory

Set-up 

  1. Log in to your Azure account as an Admin; verify that you are in the correct tenant.

  2. Go to Enterprise applications >> Create your own application >> Integrate any other application you don't find in the gallery to create a new custom integration.

  3. Navigate back to Enterprise applications to find the newly created application. It will have a quick-start list of setup options.

  4. Make sure to set up the list or groups of users who should have access to your application, as access is restricted by default.

  5. Go to Set up Single Sign-On with SAML (fig. 1), and upload the MeetingPulse XML file from https://app.meet.ps/api/auth/saml2 for basic configuration.

    Alternatively, you can set up the configuration manually, specifically:

  6. In the Attributes & Claims section (fig. 2), make sure to set up the following:

  • Set the Email attribute to your user emails.

  • Set FirstName and LastName to match the first and last names of your users. (You can also define FirstName only; LastName is optional.)

  • Make sure that no namespace is set for the attributes mentioned above (Email, FirstName, LastName).

  • Set the Unique User Identifier to the Persistent format (recommended source attribute: “user.objectid”).

  • Finally, share the App Federation Metadata URL with MeetingPulse Support to whitelist the integration.
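Before sharing the metadata URL, you can check the claims listed above against an assertion captured from a test login. The script below is an added example, not MeetingPulse code: the function name, the sample assertions and the example.test claim namespace are constructed for illustration, and treating Email and FirstName as required is our reading of the list above.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("Email", "FirstName")  # assumption: LastName is the only optional claim
OPTIONAL = ("LastName",)

def check_assertion(xml_text):
    """Return a list of claim-layout problems (does NOT verify the signature)."""
    root = ET.fromstring(xml_text)  # run only on your own test assertion
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("missing NameID")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID format is {name_id.get('Format')}, expected persistent")
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for wanted in REQUIRED + OPTIONAL:
        if wanted in names:
            continue
        # A Name ending in "/<wanted>" means a namespace is still set on the claim.
        prefixed = [n for n in names if n.rsplit("/", 1)[-1].lower() == wanted.lower()]
        if prefixed:
            problems.append(f"{wanted} has a namespace: {prefixed[0]}")
        elif wanted in REQUIRED:
            problems.append(f"missing attribute {wanted}")
    return problems

# Constructed sample assertions (not real IdP output).
GOOD = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="{PERSISTENT}">0000-constructed-id</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>a@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
BAD = GOOD.replace('Name="Email"', 'Name="http://schemas.example.test/claims/Email"') \
          .replace(PERSISTENT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")

if __name__ == "__main__":
    print(check_assertion(GOOD))
    print(check_assertion(BAD))
```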



Fig. 1 - example SAML2 config. Note: this is using test domains.

 

Fig. 2 - Attributes and Claims configuration.