Setting up SSO (Single Sign-on) for Teams allows you to restrict access to Pigeonhole Live account and Workspace to authorised individuals in your organisation and team only, preventing any unauthorised access to confidential meeting and event information.
Once you've set up SSO for members of your Team Workspace, we will work with your Identity Provider (IdP) to import your team's name and email address and use this information to verify workspace members during logins. Your workspace members will not be able to alter their login information on their own.
To set up Single Sign-on for your team, refer to the following steps:
1. Appoint an SSO Administrator
First, you need to appoint an SSO Administrator. The SSO Administrator will have to create a Pigeonhole Live account but does not need to be a member of your Team Workspace.
The SSO Administrator will be given special access to set up the SSO configuration for your organisation. This configuration can be shared across multiple Team Workspaces.
Please inform your account manager once you have appointed an SSO Administrator so he/she can assist you with the set up. Once your account manager has attended to your request, the SSO Administrator will see an "SSO Configuration" in the dropdown menu, on the top right-hand side of the Workspace.
The SSO administrator will have to perform the following steps to set up SSO for your Team Workspace.
2. Instructions for SSO Administrator
1. Pigeonhole Live’s SSO is based on SAML 2.0. As the SSO Administrator, you will need to configure your IdP application to return the name and email address of the user as attributes or claim roles.
1. Name/ display name
Example of SAML attribute for name:
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">John Smith</saml:AttributeValue>
</saml:Attribute>
2. Email address / email
Example of SAML attribute for emailaddress:
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">j.smith@company.com</saml:AttributeValue>
</saml:Attribute>
2. Once you have the information required, you can proceed to configure SSO. Follow the instructions for your respective IdP. If your IdP is not listed, you should still be able to configure your IdP based on one of the instructions listed here:
Configuring SSO for Auth0
Configuring SSO for Okta
Configuring SSO for G-Suite
Configuring SSO for Azure Active Directory
3. Inform your account manager once you have completed SSO configuration.
Once the SSO configuration is completed, please inform your account manager so he/she can turn on SSO for your Team Workspace. Your workspace members will then receive the sign-in instructions via email.