As an Organisation Admin, you can add an Attendee SSO profile so that the participants can seamlessly access an event without going through the repetitive login process across different applications on the attendee’s end. This not only enhances convenience but also ensures accountability by verifying the identification of each attendee.
In this documentation, we will navigate you through the following steps to help you set up your Organisation Attendee SSO to prevent unauthorized access to confidential meetings and events.
- Navigation to Organisation SSO
- Add Attendee SSO Profile
- Create an Application on Auth0
- Edit Attendee SSO Profile
Let's get started 🚀
Navigation to Organisation SSO
Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.
Step 2: Select your Organisation name from your workspace selection list.
Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.
Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company‘s identity provider (Auth0).
Add Attendee SSO Profile
Adding an attendee SSO Profile ensures a seamless login experience for attendees while maintaining security measures specified by the organisation. It creates a more efficient, user-friendly, and secure authentication process for attendees accessing interactive events and engagement features.
Step 1: From the Single Sign-On Page, click on the Add attendee SSO profile button.
Step 2: Copy the Callback URL to the clipboard.
The callback URL is a redirect_uri request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Auth0.
Note: redirect_uri: Holds a URL. A successful response from this endpoint results in a redirect to this URL.
Create an Application on Auth0
Creating an application in the Auth0 Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up attendee SSO for your workspace using Pigeonhole Live.
This also allows you to configure a SAML2 Web Application addon, a widely used mechanism for authentication, authorisation, and SSO implementation in web applications.
Step 1: Sign in to your Auth0 account and you will be navigated to its dashboard. Click on the Applications dropdown list from the left menu of the interface and select the Applications option.
Step 2: Click on the + Create Application from the top-right corner of the interface.
A modal window will appear where you will need to enter the application name and select an application from the following types:
Applications | Description |
Native | Mobile, desktop, or hybrid apps that are running natively on a device (e.g., iOS, Android) are included in these applications. |
Single Page with Applications | JavaScript apps are included in these applications that execute most of their user interface (UI) in a web browser, interacting with a web server using APIs (e.g., AngularJS + Node.js or React). |
Regular Web Applications | These are traditional web applications that execute most of their application logic on the server (e.g., ASP.NET, Express.js). |
Machine-to-Machine Applications | Non-interactive applications such as daemons, command-line tools, IoT devices, or services that are running on your back end are included in these applications. |
For the demonstration purpose, we have selected the Regular Web Application (Pigeonhole Live).
Step 3: Enter the application name and select the Regular Web Applications option, click on the Create button.
Configure Application
After creating an application, you will need to configure the application by pasting the callback URL to establish a secure and authorised communication link between Pigeonhole Live and Auth0 and mapping within Auth0 so that it sends the correct user profile attributes to the application.
Step 1: Click on the Settings tab under the application description.
Step 2: Paste the Callback URL in the Application Login URL and Allowed Callback URLs fields copied from Pigeonhole Live’s Single Sign-On page “Set up your identity provider” section.
- App login URL: A login URL is the locator of a resource (Which can be used to locate the address of a resource on the internet).
- Allowed Call-back URL: A security measure to specify the URLs to which an authentication service, like Auth0, can redirect users after successful authentication.
Note: In the Allowed Callback URLs field, you can enter multiple valid URLs by comma-separating them. Except for custom URL schemas for native clients, all callbacks should use protocol (https://).
Step 3: Click on the Save Changes button.
A toast message will display on the top-right corner of the interface notifying you about successfully saving your changes.
Step 4: Click on the Addons tab and select the SAML2 WEB APP option as it provides cross-domain single sign-on (SSO).
Addons: These are plugins associated with an Application in Auth0. These are SAML or WS-FED web apps the application uses, which Auth0 generates access tokens for.
Step 5: A modal window will appear. Click on the Settings tab from the top menu bar to map the user attributes such as name, and email ID of the Auth0 to the Pigeonhole Live.
For example, here is the code snippet to update the Settings with the following mapping:
{ "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "nameIdentifierProbes": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ] } |
Step 6: To activate the Addon, click on the Enable button and then hit the Save button.
Step 7: Select the Usage tab and click on the Download option to download the Identity Provider Metadata file used by Pigeonhole Live to send SAML-based authentication requests to Auth0.
Edit Attendee SSO Profile
After creating an application in Auth0, you will need to edit an Attendee SSO profile which involves modifying the SAML settings associated with the organisation SSO from Pigeonhole Live.
Step 1: From the Single Sign-On Page, click on the Edit button of your Attendee SSO profile.
Step 2: A modal window will appear on the screen, where you must enter the Attendee SSO Profile name and upload the IdP metadata file.
Step 3: Click on the Save button to save the SAML settings containing your IdP metadata associated with the organisation SSO.
This will complete the Organisation Attendee SSO setup.