Setting up an Organisation Workspace SSO on Auth0

As an Organisation Admin, you can set up and configure an Organisation Workspace SSO. This will allow you to manage the authentication and access control for multiple users within an organisation. For example, the SSO can simplify the login process by allowing the users to sign in only once and access multiple applications (including Pigeonhole Live) without the need to enter the login credentials again.

In this documentation, we will navigate through the following steps to help you set up your Organisation Workspace SSO to prevent unauthorized access to confidential meetings and events.

  • Navigation to Organisation SSO Setup Page
  • Create an Application on Auth0
  • Create a User on Auth0
  • Add Organisation SSO Profile

Let's get started 🚀

Navigation to Organisation SSO

Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.

Step 2: Select your Organisation name from your workspace selection list.

Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.

Step 4: Select the Single Sign-On option from the Organisation Settings, which allows you to configure access to your workspace via the company's identity provider (Auth0).

Step 5: Copy the Callback URL to the clipboard. 

The callback URL is a redirect_uri request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Auth0. 

Note: redirect_uri: Holds a URL. A successful response from this endpoint results in a redirect to this URL.

Create an Application on Auth0

Creating an application in the Auth0 Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up organisation SSO for your workspace using Pigeonhole Live. 

This also allows you to configure a SAML2 Web Application add-on, a widely used mechanism for authentication, authorization, and SSO implementation in web applications.

Step 1: Sign in to your Auth0 account and you will be navigated to its dashboard.

Click on the Applications dropdown list from the left menu of the interface and select the Applications option.

Step 2: Click on the + Create Application button in the top-right corner of the interface.

A modal window will appear where you will need to enter the application name and select an application from the following types:

  • Native: Mobile, desktop, or hybrid apps that run natively on a device (e.g., iOS, Android).
  • Single Page Web Applications: JavaScript apps that execute most of their user interface (UI) in a web browser, interacting with a web server using APIs (e.g., AngularJS + Node.js or React).
  • Regular Web Applications: Traditional web applications that execute most of their application logic on the server (e.g., ASP.NET, Express.js).
  • Machine-to-Machine Applications: Non-interactive applications such as daemons, command-line tools, IoT devices, or services that run on your back end.

For demonstration purposes, we have selected the Regular Web Applications type (Pigeonhole Live).

Step 3: After entering the application name and selecting the Regular Web Applications option, click on the Create button.

Configure Application

After creating an application, you will need to configure it in two ways: paste the callback URL to establish a secure and authorised communication link between Pigeonhole Live and Auth0, and set up the mapping within Auth0 so that it sends the correct user profile attributes to the application(s).

Step 1: Select the Settings tab under the application description.

Step 2: Paste the Callback URL, copied from the "Set up your identity provider" section of Pigeonhole Live's Single Sign-On page, into the Application Login URL and Allowed Callback URLs fields.

  • App login URL: A login URL is the locator of a resource (which can be used to locate the address of a resource on the internet).
  • Allowed Callback URL: A security measure to specify the URLs to which an authentication service, like Auth0, can redirect users after successful authentication.

Note: In the Allowed Callback URLs field, you can enter multiple valid URLs by comma-separating them. Except for custom URL schemes for native clients, all callbacks should use the https:// protocol.

Step 3: Click on the Save Changes button.

A toast message will appear in the top-right corner of the interface, notifying you that your changes were saved successfully.

Step 4: Select the Addons tab and click on the SAML2 WEB APP option, as it provides cross-domain single sign-on (SSO).

Addons: These are plugins associated with an Application in Auth0. These are SAML or WS-FED web apps the application uses, which Auth0 generates access tokens for.

Step 5: A modal window will appear. Click on the Settings tab from the top menu bar to map user attributes, such as name and email ID, from Auth0 to Pigeonhole Live.

For example, here is the code snippet to update the Settings with the following mapping: 

{
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

Step 6: To activate the Addon, click on the Enable button and then hit the Save button.

Step 7: Select the Usage tab and click on the Download option to download the Identity Provider Metadata file used by Pigeonhole Live to send SAML-based authentication requests to Auth0.

Note: If you already have a user on Auth0, you can jump directly to the last section of this document, “Add Organisation SSO Profile”. Otherwise, follow the steps in the next section to create a user on Auth0.

Create a User on Auth0

Creating a user (admin) on Auth0 helps in managing user identities such as password resets, blocking and deleting users, and creating and provisioning. 

Step 1: Click on the User Management option from the left menu of the interface and select the Users option.

Step 2: Click on the + Create User button.

A modal window will appear where you must enter the following information.

  • Email: The Organisation Admin’s email address.
  • Password: The Organisation Admin’s password.
  • Repeat Password: Confirm password.
  • Connection: The database connection associated with an application is used to authenticate the user.

Step 3: After entering the required details, click on the Create button.

Add Organisation SSO Profile

After creating an application and user in Auth0, you can add an SSO profile for your organisation that lets you log into the application server and Data Center with Auth0 credentials.

Step 1: From the Single Sign-On Page, click on the Add Organisation SSO profile button.

Step 2: A modal window will appear on the screen, where you will need to enter the SSO Profile name and upload the IdP metadata file. 

Step 3: Click on the Test configuration button to validate that the integration between Auth0 and the SSO setup in Pigeonhole Live is functioning correctly.

Step 4: You will be redirected to the Auth0 login page. Enter the Organisation Admin credentials (the user you created on Auth0), and click on the Continue button.

You will be redirected back to Pigeonhole Live with a Single sign-on configuration message, where you need to click on the Apply new configuration button to add the Workspace Auth0 SSO.

Note: If you wish to discard the new set-up and revert to your old SSO configuration, select Keep existing configuration. 

This will complete the Organisation Workspace SSO setup by adding a new SSO profile.