SAML SSO


Last updated 1 year ago


SAML SSO is available for Enterprise plans. If interested, please reach out to sales@screendesk.io.

This document guides you through the process of setting up Single Sign-On (SSO) for Screendesk using SAML (Security Assertion Markup Language) with popular Identity Providers (IdPs) like Google and Okta, as well as custom SAML providers.

Prerequisites

  • Administrative access to Screendesk's admin panel.

  • Administrative access to your IdP (Google Workspace, Okta, or other SAML providers).

Key terms

  • Service Provider (SP): Screendesk, which will be configured to authenticate users via SSO.

  • Identity Provider (IdP): The system (like Google, Okta) managing user identities and login credentials.

  • Assertion Consumer Service (ACS) URL: The endpoint in Screendesk where SAML responses are sent.

  • Entity ID: A unique identifier for the SP (Screendesk) in the SAML protocol.

Setting Up SAML SSO with Google Workspace

Step 1: Configure Google as IdP

  1. Access Google Admin Console: Go to your Google Workspace admin dashboard.

  2. Add Screendesk as a SAML Application: Navigate to Apps > SAML apps, and click on '+ Add App' > 'Add custom SAML app'.

  3. Google IdP Information: Note down the SSO URL and Entity ID. Download the IdP certificate.

Step 2: Configure Screendesk

  1. Access Screendesk Admin Panel: Log in to your Screendesk admin account.

  2. Enter SAML Details: Go to the SAML SSO settings page.

    • SSO Domain: Enter your email domain (for example, for adrien@screendesk.io the domain is screendesk.io).

    • IDP Entity ID: Paste the Google Entity ID.

    • Single Sign-On URL: Paste the Google SSO URL.

    • IDP Certificate: Upload the Google certificate.

Step 3: User Access and Attribute Mapping

  1. Setup Access: Assign users or groups in Google Admin who can access Screendesk.

  2. Attribute Mapping: Ensure that the user attributes in Google match those expected by Screendesk.

Setting Up SAML SSO with Okta

Step 1: Add Screendesk in Okta

  1. Access Okta Admin Dashboard: Navigate to your Okta admin console.

  2. Create a New App: Choose 'Applications' > 'Create App Integration' > 'SAML'.

  3. Configure SAML Settings: Follow the setup wizard and enter the ACS URL and Entity ID from Screendesk.

Step 2: Configure Screendesk

  1. Enter Okta SAML Details in Screendesk's SAML SSO settings, similar to the Google setup.

Troubleshooting

  • Verify that the ACS URL and Entity ID in Okta match those provided by Screendesk.

Setting Up Custom SAML Providers

For custom SAML providers, the process involves similar steps. Ensure you have the ACS URL, Entity ID, and the IdP certificate from your custom provider to input into Screendesk's SAML settings.

Testing and Validation

After configuration, test the SSO login process:

  1. Log out of Screendesk.

  2. Access Screendesk: Attempt to log in via your IdP.

  3. Verify Successful Login: Ensure that the SSO process completes without errors.

Troubleshooting

  • If login fails, ensure the Entity ID and ACS URL in Google match those in Screendesk.

Required Data Attributes

For a successful integration and optimal user experience with SAML SSO, Screendesk requires the following user data attributes from the Identity Provider (IdP):

  1. Email: The user's email address. It's used as the primary identifier for user accounts in Screendesk.

  2. First Name: The user's first name.

  3. Last Name: The user's last name.

These attributes are essential for account creation and management in Screendesk. Ensure that your IdP is configured to release these attributes to Screendesk during the SAML authentication process.
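The following is an added example, not Screendesk's code: a diagnostic that reads a decoded SAML assertion captured from your own test login and reports which of the three required attributes are missing, along with the lower-case email requirement this page states for account setup. The attribute names `email`, `first_name` and `last_name`, the domain comparison and the sample assertions are assumptions constructed for illustration; the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed attribute names: the page lists Email, First Name and Last Name
# but not the exact SAML attribute names Screendesk expects.
REQUIRED = ("email", "first_name", "last_name")


def check_assertion(xml_text, sso_domain):
    """Return a list of problems in the attributes released by the IdP.

    Diagnostic only: it inspects attribute content and does not validate
    the signature, audience or validity window of the assertion.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""

    problems = [f"missing attribute: {name}" for name in REQUIRED if not attrs.get(name)]
    email = attrs.get("email", "")
    if email:
        if email != email.lower():
            problems.append(f"email is not lower case: {email}")
        # Assumption: the SSO Domain setting is matched against the email domain.
        if email.lower().rpartition("@")[2] != sso_domain.lower():
            problems.append(f"email domain does not match SSO domain {sso_domain}")
    return problems


# Constructed sample assertions (not captured from a real IdP).
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>{email}</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    {extra}
  </saml:AttributeStatement>
</saml:Assertion>"""
LAST = '<saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>'
GOOD = TEMPLATE.format(email="ada@example.com", extra=LAST)
BAD = TEMPLATE.format(email="Ada@Example.com", extra="")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc, "example.com"))
```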

Creating end-user accounts

To add members, create accounts for them in your IdP. The first time a new member logs in to Screendesk via the IdP, a Screendesk account will be created for them via automatic IdP provisioning. The user will have access to organization resources as an organization member.

Setup requires lowercase email addresses. Do not use mixed-case email addresses.

Removing accounts

Removing a member from the IdP will prevent the user from being able to sign in to the corresponding Screendesk account, but will not remove the account from Screendesk. We advise also removing the member's account from Screendesk.

Controlling access

Once you have set up SAML SSO, the onus is on the IdP to control who can access your Screendesk account.
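Because removing a member from the IdP leaves the Screendesk account in place, a periodic reconciliation of the two member lists shows which accounts still need removing. The sketch below is an added example, not part of Screendesk: the CSV exports, the `email` column name and the sample data are assumptions constructed for illustration.

```python
import csv
import io


def load_emails(csv_text, column="email"):
    """Read one column of a CSV export into a set of non-empty addresses."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row[column].strip() for row in rows if row[column].strip()}


def audit(idp_csv, app_csv, sso_domain):
    """Compare the Screendesk member list against the IdP user list."""
    idp = {email.lower() for email in load_emails(idp_csv)}
    findings = {"orphaned": [], "outside_sso_domain": [], "mixed_case": []}
    for email in sorted(load_emails(app_csv)):
        domain = email.lower().rpartition("@")[2]
        if domain != sso_domain.lower():
            # Not in the SSO domain, so the IdP cannot govern this account.
            findings["outside_sso_domain"].append(email)
        elif email.lower() not in idp:
            # Removed from (or never in) the IdP but still present in the app.
            findings["orphaned"].append(email)
        if email != email.lower():
            # The page requires lower-case addresses at setup.
            findings["mixed_case"].append(email)
    return findings


# Constructed exports (hypothetical format, one "email" column each).
IDP_USERS = "email\nada@example.com\ncarol@example.com\n"
APP_MEMBERS = (
    "email\n"
    "ada@example.com\n"
    "bob@example.com\n"
    "Carol@example.com\n"
    "dave@contractor.test\n"
)

if __name__ == "__main__":
    for kind, emails in audit(IDP_USERS, APP_MEMBERS, "example.com").items():
        print(kind, emails)
```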

Enterprise plans