Configuring SSO for the Dashboard requires you to work with Synamedia Support to configure a connection to the customer account.
Configuring SSO for the Dashboard also enables SSO for the following public Synamedia sites:
Synamedia Developer portal (https://developer.synamedia.com/)
Synamedia Docs (https://docs.account.synamedia.com/)
Utilizing Single Sign-On (SSO) enables users to access Synamedia Dashboards by authenticating through the customer's Identity Provider (IdP). This streamlines the login process, enhances security, and improves user experience by eliminating the need to remember and manage multiple passwords.
Deactivating users in the customer's IdP will also deactivate them from the Synamedia account.
When an authorized user logs in to the Dashboard, they enter their email address for a registered domain (for example user@example.com) on the Synamedia Login page and are then redirected to their organization's IdP to complete authentication.
Adding an SSO connection will restrict Account Members from logging in using the default authentication method.
Configuring SSO for the Dashboard requires a series of steps shared between you and Synamedia Support.
Open a ticket with Synamedia Support to share your IdP’s configuration data so they can set up the SSO configuration. Include the following information when you submit your ticket:
Email domain(s) you’d like to associate with the SSO configuration
Authentication protocol (SAML, OIDC)
Additional IdP-specific information as described below
The additional configuration steps required depend on the IdP and authentication protocol you’d like to use.
Create a new Enterprise Application and provide Synamedia Support with the following:
ClientID and ClientSecret
Active Directory Domain name
The Microsoft identity platform version that your IdP is using (Azure AD v1 / Microsoft identity platform v2)
Your company email domain name (for example: acme.com) (Multiple domain names can be configured)
Register an application (client) with the IdP with the following properties:
Callback URL: https://auth.synamedia.com/login/callback
Provide Synamedia Support with the following:
Application (client) ID
Issuer URL or OIDC metadata endpoint (for example, https://{idpDomain}/[...]/.well-known/openid-configuration)
Your company email domain name (for example: acme.com) (Multiple domain names can be configured)
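Before sending the issuer URL or metadata endpoint to Support, you can check the discovery document it serves. The Python below is an added example, not Synamedia's code: it applies the required-field, HTTPS and issuer-match rules from OpenID Connect Discovery 1.0 to a document you have already fetched, and idp.example.com and both sample documents are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
SUFFIX = "/.well-known/openid-configuration"

def check_discovery(metadata_url, document):
    """Return a list of problems in an OIDC discovery document (empty = OK)."""
    try:
        meta = json.loads(document)
    except ValueError:
        return ["document is not valid JSON"]
    if not isinstance(meta, dict):
        return ["document is not a JSON object"]
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in meta]
    issuer = meta.get("issuer")
    if isinstance(issuer, str):
        parts = urlsplit(issuer)
        if parts.scheme != "https" or parts.query or parts.fragment:
            problems.append("issuer must be an https URL without query or fragment")
        # The issuer in the document must be the one the metadata URL was built from.
        if issuer.rstrip("/") + SUFFIX != metadata_url:
            problems.append("issuer does not match the metadata endpoint URL")
    for name in ENDPOINTS:
        value = meta.get(name)
        if isinstance(value, str) and urlsplit(value).scheme != "https":
            problems.append(f"{name} is not an https URL")
    return problems

# Constructed sample data: idp.example.com is a placeholder, not a real IdP.
BASE = "https://idp.example.com/tenant1"
GOOD = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/keys",
    "response_types_supported": ["code"], "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
# Same document with a wrong issuer and a plain-http key endpoint.
BAD = json.dumps({**json.loads(GOOD), "issuer": "https://idp.example.com",
                  "jwks_uri": "http://idp.example.com/tenant1/keys"})

if __name__ == "__main__":
    print(check_discovery(BASE + SUFFIX, GOOD), check_discovery(BASE + SUFFIX, BAD))
```

An empty list means the document passed these checks; any other result names the field to correct in the IdP before opening the ticket.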
Provide Synamedia Support with the following:
The sign-in URL (for example: https://{idpDomain}/login).
The sign-out URL (for example: https://{idpDomain}/logout).
An X.509 signing certificate (SAML server public key encoded in PEM or CER format).
The SAML Request Binding Type (either HTTP-Redirect or HTTP-Post).
Your company email domain name (for example: acme.com) (Multiple domain names can be configured)
Synamedia Support will provide you with the following:
Entity ID
Callback URL
Certificate for the SAML Provider, which will receive the signed assertion to validate the signature.
The Synamedia Support team uses the configuration data you provide to complete initial setup of the SSO connection.
The SSO connection will not be enabled at this point.
When initial setup of the SSO connection is complete, the Synamedia Support team will want to test the SSO connection to ensure the configuration data was correct.
Testing the connection must be performed by Synamedia Support alongside a customer user who can verify the login.
Important: During the test, users will not be able to log in to Synamedia sites, so it is essential to notify users about the test and possibly schedule it for a time that will have the least impact.
This step can be skipped if there are no active customer users.
Once the connection has been tested and verified, it can be enabled.
Before enabling the connection, you should let all existing users know about the upcoming change and its consequences. Synamedia Support has an email template that can be sent out to the users. The main things to know are:
All existing users will receive an invitation to re-signup to the Synamedia Cloud Portal via SSO.
The invitation will preserve the same roles and permissions that the user already had.
Existing users who belong to the configured SSO email domain will not be able to log in until they accept the new invitation and re-signup.
Once you are ready, let Synamedia Support know and schedule a time that works for you to finally enable the connection.