As an Organisation Admin, you can set up and configure an Organisation Workspace SSO. This will allow you to manage the authentication and access control for multiple users within an organisation. For example, the SSO can simplify the login process by allowing the users to sign in only once and access multiple applications (including Pigeonhole Live) without the need to enter the login credentials again.
In this documentation, we will navigate through the following steps to help you set up your Organisation Workspace SSO to prevent unauthorized access to confidential meetings and events.
- Navigation to Organisation SSO Setup Page
- Create an Application on Auth0
- Create a User on Auth0
- Add Organisation SSO Profile
Let's get started 🚀
Navigation to Organisation SSO
Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.
Step 2: Select your Organisation name from your workspace selection list.
Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.
Step 4: Select the Single Sign-On option from the Organisation Settings, which allows you to configure access to your workspace via the company’s identity provider (Auth0).
Step 5: Copy the Callback URL to the clipboard.
The callback URL is the value of the redirect_uri request parameter. It is the URL to which users are redirected once authentication is complete. This is where your application receives and processes the response from Auth0.
Note: redirect_uri: Holds a URL. A successful response from this endpoint results in a redirect to this URL.
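The Callback URL copied in Step 5 is later pasted into Auth0's Allowed Callback URLs field, a comma-separated list that decides where Auth0 may send users after login. The following is an added example, not part of the original guide or of Pigeonhole Live's or Auth0's tooling, that audits such a list before it is saved; the function name and all URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; the real callback URL is the one
# copied from Pigeonhole Live's Single Sign-On page.
EXPECTED = "https://sso.example.test/saml/callback"
FIELD = ("https://sso.example.test/saml/callback, "
         "http://staging.example.test/cb, https://*.example.test/cb")


def audit_allowed_callbacks(field_value, expected_callback):
    """Return (url, problem) findings for a comma-separated Allowed
    Callback URLs value. An empty list means nothing was flagged."""
    findings = []
    urls = [u.strip() for u in field_value.split(",") if u.strip()]
    for url in urls:
        parts = urlsplit(url)
        if not parts.scheme or not parts.netloc:
            findings.append((url, "not an absolute URL"))
            continue
        if parts.scheme == "http":
            findings.append((url, "plain http: callbacks should use https://"))
        elif parts.scheme != "https":
            findings.append((url, "custom scheme: acceptable only for native clients"))
        if "*" in parts.netloc:
            findings.append((url, "wildcard host: more than one host is accepted"))
        if parts.fragment:
            findings.append((url, "contains a fragment"))
    if expected_callback not in urls:
        findings.append((expected_callback, "expected callback URL is not in the list"))
    return findings


if __name__ == "__main__":
    for url, problem in audit_allowed_callbacks(FIELD, EXPECTED):
        print(f"{url}: {problem}")
```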
Create an Application on Auth0
Creating an application in the Auth0 Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up organisation SSO for your workspace using Pigeonhole Live.
This also allows you to configure a SAML2 Web Application add-on, a widely used mechanism for authentication, authorization, and SSO implementation in web applications.
Step 1: Sign in to your Auth0 account and you will be navigated to its dashboard.
Click on the Applications dropdown list from the left menu of the interface and select the Applications option.
Step 2: Click on the + Create Application button in the top-right corner of the interface.
A modal window will appear where you will need to enter the application name and select one of the following application types:
- Native: Mobile, desktop, or hybrid apps that run natively on a device (e.g., iOS, Android).
- Single Page Web Applications
- Regular Web Applications: Traditional web applications that execute most of their application logic on the server (e.g., ASP.NET, Express.js).
- Machine to Machine Applications: Non-interactive applications such as daemons, command-line tools, IoT devices, or services that run on your back end.
For demonstration purposes, we have selected the Regular Web Application (Pigeonhole Live).
Step 3: After entering the application name and selecting the Regular Web Applications option, click on the Create button.
After creating the application, you will need to configure it in two ways: paste the callback URL, which establishes a secure and authorised communication link between Pigeonhole Live and Auth0, and set up the attribute mapping within Auth0 so that it sends the correct user profile attributes to the application(s).
Step 1: Select the Settings tab under the application description.
Step 2: Paste the Callback URL, copied from the “Set up your identity provider” section of Pigeonhole Live’s Single Sign-On page, into the Application Login URL and Allowed Callback URLs fields.
- Application Login URL: A login URL is the locator of a resource (it can be used to locate the address of a resource on the internet).
- Allowed Callback URLs: A security measure to specify the URLs to which an authentication service, like Auth0, can redirect users after successful authentication.
Note: In the Allowed Callback URLs field, you can enter multiple valid URLs by comma-separating them. Except for custom URL schemes for native clients, all callbacks should use the https:// protocol.
Step 3: Click on the Save Changes button.
A toast message will display on the top right corner of the interface notifying you about successfully saving your changes.
Step 4: Select the Addons tab and click on the SAML2 WEB APP option, as it provides cross-domain single sign-on (SSO).
Addons: These are plugins associated with an Application in Auth0. These are SAML or WS-FED web apps the application uses, which Auth0 generates access tokens for.
Step 5: A modal window will appear. Click on the Settings tab from the top menu bar to map user attributes, such as name and email ID, from Auth0 to Pigeonhole Live.
For example, here is the code snippet to update the Settings with the following mapping:
Step 6: To activate the Addon, click on the Enable button and then hit the Save button.
Step 7: Select the Usage tab and click on the Download option to download the Identity Provider Metadata file used by Pigeonhole Live to send SAML-based authentication requests to Auth0.
Note: If you already have a user on Auth0, you can jump directly to the last section of this document, “Add Organisation SSO Profile”. Otherwise, follow the steps in the section immediately below to create a user on Auth0.
Create a User on Auth0
Creating a user (admin) on Auth0 helps in managing user identities such as password resets, blocking and deleting users, and creating and provisioning.
Step 1: Click on the User Management option from the left menu of the interface and select the Users option.
Step 2: Click on the + Create User button.
A modal window will appear where you must enter the following information.
- Email: The Organisation Admin’s email address.
- Password: The Organisation Admin’s password.
- Connection: The database connection associated with an application, used to authenticate the user.
Step 3: After entering the required details, click on the Create button.
Add Organisation SSO Profile
After creating an application and user in Auth0, you can add an SSO profile for your organisation that lets you log into the application server and Data Center with Auth0 credentials.
Step 1: From the Single Sign-On Page, click on the Add Organisation SSO profile button.
Step 2: A modal window will appear on the screen, where you will need to enter the SSO Profile name and upload the IdP metadata file.
Step 3: Click on the Test configuration button to validate that the integration between Auth0 and the SSO setup in Pigeonhole Live is functioning correctly.
Step 4: You will be redirected to the Auth0 login page. Enter the Organisation Admin credentials (the user you created on Auth0), and click on the Continue button.
You will then be redirected back to Pigeonhole Live with a Single sign-on configuration message, where you need to click on the Apply new configuration button to add the Workspace Auth0 SSO.
Note: If you wish to discard the new set-up and revert to your old SSO configuration, select Keep existing configuration.
This will complete the Organisation Workspace SSO setup by adding a new SSO profile.