As an Organisation Admin, you can add an Attendee SSO profile so the participants can seamlessly access an event without going through the repetitive login process across different applications on the attendee’s end. This not only enhances convenience but also ensures accountability by verifying the identification of each attendee.
In this documentation, we will navigate you through the following steps to help you set up your Organisation Attendee SSO to prevent unauthorised access to confidential meetings and events.
- Navigation to Organisation SSO
- Add Attendee Profile SSO
- Create an Application on Okta
- Assign Attendee
- Edit Attendee SSO Profile
Let’s get started 🚀
Navigation to Organisation SSO
Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.
Step 2: Select your Organization name from your workspace selection list.
Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.
Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company‘s identity provider (Okta).
Add Attendee SSO Profile
Adding an attendee SSO Profile ensures a seamless login experience for attendees while maintaining security measures specified by the organisation. It creates a more efficient, user-friendly, and secure authentication process for attendees accessing interactive events and engagement features.
Step 1: From the Single Sign-On Page, click on the Add Attendee SSO profile button.
Further, you will need to follow the actions for the parameters listed on the attendee SSO profile as shown in the following table:
Parameters | Description | Actions |
Callback URL | The callback URL is a request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Okta. | Copy the Callback URL |
Service Provider Entity ID | An Entity ID is a unique identifier for an Identity Provider. This Entity ID is used to identify each party in the SSO process. It's often part of a metadata file (an XML file with a certificate, entity ID, and endpoint URLs). | Copy the SP Entity ID. |
Create an Application on Okta
Creating an application using Okta Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up attendee SSO for your workspace using Pigeonhole Live.
This also allows you to configure a SAML2 Web Application, a widely used mechanism for authentication, authorisation, and SSO implementation in web applications.
Step 1: Sign in to your Okta account as an Admin and it will redirect you to the dashboard. Click on the Applications dropdown list from the left menu of the interface and select the Applications option.
Step 2: Click on the Create App Integration button from the middle of the interface.
Start creating your new app integration by selecting an application type as a sign-in method. We have selected the SAML 2.0 option (as Pigeonhole Live support this method to set up SSO).
Applications | Description |
OIDC (OpenID Connect) | Token-based OAuth 2.0 authentication for API endpoints for Single Sign-On (SSO). This option is recommended if you intend to create a custom app integration with the Okta Sign-In Widget. |
SAML 2.0 | SSO open standard based on XML. Use if your application's Identity Provider only supports SAML. |
SWA (Secure Web Authentication) | Okta-specific SSO method. Use if your application doesn't support OIDC or SAML. |
API Services | For machine-to-machine authentication, interact with Okta APIs using scoped OAuth 2.0 access tokens. |
Step 3: After selecting the SAML 2.0 option, click on the Next button.
To set up SAML integration for your application, you need to configure the following:
- General Settings
- Configure SAML
- Feedback
General Settings
Enter the general information for the SAML integration like the app name and click on the Next button.
Configure SAML
Configure the application to establish a secure and authorised communication link between Pigeonhole Live and Okta so that it sends the correct user profile attributes to the application(s).
Settings | Description | Actions |
Single sign-on URL | The URL to which the SAML assertion is transmitted via HTTP POST. This is commonly referred to as your application's SAML Assertion Consumer Service (ACS) URL. | Paste the Callback URL |
Audience URL (SP Entity ID) | The application defines the unique identity of the SAML assertion's intended audience. This is usually your application's SP Entity ID. | Paste the SP Entity ID. |
Name ID format | Identifies the SAML processing rules and constraints for the assertion's subject statement. Use the default value of 'Unspecified' unless the application explicitly requires a specific format. | Select the Email Address |
Scroll down and configure the following attribute statements (optional).
Statements | Description |
Name | Enter a Name for the attribute. |
Value | Enter a Value for the attribute defined by the Name element. |
After entering the required details, click on the Next button.
Feedback
Provide Okta support with useful background information about your application. Check the option “I’m a software vendor. I’d like to integrate my app with Okta” and click on the Finish button to complete the SAML Integration.
Now you will need to download the Identity Provider Metadata file that will be used by Pigeonhole Live to send SAML-based authentication requests to Okta. For this purpose, follow the below steps:
Step 1: Locate the Metadata details section to copy the Metadata URL.
Step 2: Launch the metadata URL into a new tab.
Step 3: Save the IDP metadata file to download it to your local machine in XML format.
Assign Attendee
After creating the App (SAML) integration for attendees, you can assign a user as an attendee to access an event without going through the repetitive login process across different applications on the attendee’s end. To assign SSO access to the desired attendees, you will first need to ensure that they are added as Persons in Okta. To learn more about adding Persons in Okta, refer to this link. Or if you would like to add Groups, refer here.
Once the Persons are all available in Okta, you may then proceed to assign them to the Application you just created.
Step 1: Select your created Application and click on the Assignments tab.
Step 2: Select the Assign to People option from the Assign dropdown.
Step 3: Search for the Person you want to give Attendee SSO access to and click on the Assign button.
Step 4: Click on the Save & Go back button to continue.
Step 5: Click on the Done button to finish.
This will add your assigned Person to the Application (App Integration) that has been set up in Okta.
We highly recommend that Organisation Admins add themselves as Persons in Okta and assign themselves to the Application to test the Attendee SSO feature because it will be easier for them to troubleshoot any issues.
Edit Attendee SSO Profile
After creating an application in Okta, you will need to edit an Attendee SSO profile which involves modifying the SAML settings associated with the organisation SSO from Pigeonhole Live.
Step 1: From the Single Sign-On Page, click on the Edit button of your Attendee SSO profile.
Step 2: A modal window will appear on the screen, where you must enter the Attendee SSO Profile name and upload the IdP metadata file.
Step 3: Click on the Save button to save the SAML settings containing your IdP metadata associated with the organisation SSO.
This will complete the Organisation Attendee SSO setup.
Enable SSO for your Attendees
Manage the attendee SSO profiles for your workspaces from Pigeonhole Live events using SSO configuration.
Note: We recommend that the Organisation Admin is added as a Workspace Member to the workspace so that he can test the feature to see if it has set up correctly.
Step 1: Click on your Organisation selection list from the top-left corner of the interface and select your Workspace name from your Organisation selection list.
Step 2: Click on your Workspace selection list from the top-left corner of the interface and select the Workspace Settings of your selected workspace.
Step 3: Select the Pigeonhole policies option to configure Attendee SSO profile availability.
Step 4: Check the Availability option corresponding to the Attendee SSO profile you added.
Note: Selecting "Default" for the Attendee SSO profile will let you set that attendee profile as the default for every newly created pigeonhole (event).
Step 5: Click on the Save button to save the changes.
Step 6: Select the Pigeonholes tab from the top navigation bar and this will take you to the Pigeonhole page where you need to set up an Event which will apply the saved SSO configuration for the attendee.
For Setting up the Pigeonhole Live event, refer to this documentation on- Setting up and Editing your Event Info.
Step 7: Click on the Attendees tab from the top menu bar.
Step 8: Navigate to the “Registrant Profiles” section, uncheck the Enable registrant profile for this event option and click on the Save button.
Step 9: Click on the Security tab from the menu bar.
Step 10: Select the Attendee SSO profile which you added for your workspace from organisation settings and click on the Save button.
This will complete the configuration for the Organisation Attendee SSO setup. Now you can Run link (Audience Web App) which will redirect you to access Okta Attendee SSO.