Single Sign On
Standard Technical integration scope


- Dynamically syncs in real-time
- Mirrors your organisational structure
- Reduces the administrative burden

By partnering with our engineering team to execute an SSO integration, you can reduce login friction for your users and engage an even wider pool of colleagues in your innovation programme. The integration also makes it fast and easy to mirror your organisational structure, for instance to run group or geo-specific challenge campaigns, or to restrict the visibility of content in a highly controlled way. Finally, it reduces the administrative burden of handling new starters and leavers, as everything dynamically syncs in real-time.
Our standard SSO integration service includes the following:
- Working with your IT team to enable SP-initiated and (if applicable) IdP-initiated authentication flows.
- Working with your IT team to enable user-to-group membership control via a SAML assertion.
- Your IT team provides Idea Drop with test user(s) to test the implementation and guarantee it is working as expected for both web and mobile deployments.
SP and IdP initiated authentication
The process for enabling SP-initiated authentication is as follows:
1. Idea Drop (SP) provides the necessary metadata for the standard SSO integration.
2. Your IT team configures the IdP service to accept Idea Drop (SP) requests and provides Idea Drop (SP) with the IdP federation metadata.
   a. Your IT team must configure the following mandatory Outgoing Claims:
      i. First Name
      ii. Last Name
      iii. Email address
      iv. Group Name (if applicable)
3. Idea Drop (SP) configures SSO service to accept your (IdP) responses.
Group mapping
The process for enabling user-to-group membership control via SAML assertion is as follows:
1. Your IT team must guarantee the SAML assertion for Group.
2. Your IT team must prepare a Client Group to Idea Drop Group mapping file.
   a. The client group list should not exceed 200 users for standard integration.
3. Idea Drop implements the mapping file into production.
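As an added illustration (not Idea Drop's own code), the following sketch shows the kind of check an SP can run on the attributes of an incoming assertion: confirm the mandatory claims are present, then resolve asserted groups through the mapping file so that unmapped groups grant no membership. The attribute names, the CSV layout of the mapping file and all sample data are assumptions constructed for this example, and it assumes the assertion's signature and conditions have already been validated by the SAML library.

```python
import csv
import io
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; the real ones are agreed between the two IT teams.
MANDATORY = ("FirstName", "LastName", "Email")
GROUP_ATTR = "Group"

# Constructed sample data, not taken from any real deployment.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Byron</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Group">
    <saml:AttributeValue>CORP-UK-Engineering</saml:AttributeValue>
    <saml:AttributeValue>CORP-Contractors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""
SAMPLE_MAPPING = (
    "client_group,ideadrop_group\n"
    "CORP-UK-Engineering,UK Engineering\n"
    "CORP-US-Sales,US Sales\n"
)


def extract_claims(statement_xml):
    """Return {attribute name: [non-empty values]} from an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    claims = {}
    for attr in root.findall("saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return claims


def load_mapping(csv_text):
    """Parse the client-group to Idea Drop-group mapping file (assumed CSV)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["client_group"]: r["ideadrop_group"] for r in rows}


def evaluate(statement_xml, mapping):
    """Check mandatory claims and resolve groups; unmapped groups grant nothing."""
    claims = extract_claims(statement_xml)
    missing = [name for name in MANDATORY if not claims.get(name)]
    asserted = claims.get(GROUP_ATTR, [])
    granted = sorted({mapping[g] for g in asserted if g in mapping})
    unmapped = sorted(g for g in asserted if g not in mapping)
    return {"missing": missing, "granted": granted, "unmapped": unmapped}
```

Reporting the unmapped groups separately lets both teams spot gaps in the mapping file during testing without ever widening content visibility by default.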
Implementation and testing
1. Your IT team must provide a test user or, if more than one scenario is tested, multiple test users.
Definitions:
- An SP (Service Provider, i.e. Idea Drop) initiated SSO flow is an SSO operation that originates from the SP Security Domain, such as Idea Drop’s vanity URL.
- An IdP (Identity Provider, i.e. the Client) initiated SSO flow is an SSO operation that originates from the IdP Security Domain, such as a local intranet or IdP portal.
Additional work falling outside of the above scope
Any technical requirements or additional requests that fall outside of the explicit scope outlined above would be quoted and billed separately. Additional time may also need to be added to the milestones and delivery dates of the project, should the SSO scope fall outside of this.