How to Set Up your SSO

Introduction

Zuddl lets you build Single Sign On (SSO) workflows for you events by talking to your identity provider. The SSO connection is linked to all your events on Zuddl which means you only have to configure once and all events thereafter take the users through the SSO workflow.
Log-in via SSO is not supported on custom landing pages created using the landing page builder.

What is Single Sign-On?

With Single Sign-On (SSO) you can let your users gain access to multiple applications using a single set of login credentials without having them re-authenticate at every instance. Beside the great time-saving benefits, implementing SSO also allows you to securely host private events, keeping your’s and your audience’s data safe.
Zuddl relies on your Identity Providers (IdPs) for authenticating users by their login credentials. It is built on OAuth 2.0 framework and supports both SAML and OpenID Connect protocol standards.

How it works?

A high-level workflow of an SSO login for an attendee is explained below. It also includes the interactions between the different actors is explained below:
  1. User clicks on the SSO login option provided on your event landing/registration page.
  2. The user is redirected to a path where they have to authenticate with their Identity Provider using their credentials.
  3. Once the user logs in by entering their event-level credentials, the Identity Provider provides the required authorization and shares the user profile and authentication information in the form of tokens to your application. Once this is verified, your application grants the user access to your event.
Note: For first time users, clicking on the SSO login option would be prompt them to register with SSO credentials before they could logging in. Zuddl creates account on their behalf.

Adding an SSO Connection

The process of setting up an SSO connection varies according to the identity provider being used. Contact support@zuddl.com if you wish to add an SSO connection for your organization.

Prerequisites

Before configuring SSO for your events, you must share the following details to Zuddl
  • Your organization name in Zuddl
  • Your Identity Provider(s)
  • Domain(s) that require SSO connection
Zuddl uses the above information to create an account for your organization with its SSO service provider. Zuddl then generates an Assertion Consumer Service (or ACS) URL for your account. An ACS URL (also known as Redirect URI or Callback URL) is the location where your identity provider returns the authentication response, whether success or failure.

Setup Instructions

The specific instructions for creating an SSO connection differs for each Identity Provider because the information required is specific to a provider. Generally, the following basic details are required to create an SSO connection:
  1. Identity Provider details:

    The customer would need to provide the below entities to Zuddl:
    1. IdP SSO URL: The URL or endpoint where users enter their event-level login credentials to authenticate.
    2. Entity ID (or IdP URI):  The unique Id for the identity provider issuer.
    3. X.509 Certificate: A digital signature. Supported file format: .key, .pem, .cer, .cert, .crt.
  2. SSO Service Provider details

    Zuddl generates the Assertion Consumer Service (or ACS) URL for your account and shares it with the customer. An ACS URL (also known as Redirect URI or Callback URL) is the location or endpoint where your identity provider returns the authentication response, whether success or failure.
    This value has to be inputted into the corresponding field in your identity provider admin dashboard.

    Attribute mapping

    For some identity providers, customer also needs to provide the mapping of the following attributes:
    1. first name
    2. last name
    3. email
    4. accountId/identityId
Note: You can share these attribute in an XML format or a simple screenshot of the mapping modal.
Zuddl copies over this information to the SSO provider and finishes the SSO connection.
To refer to the provider-specific instructions, select your identity provider from the list to view the step-by-step instructions.

Indentity Providers

Title Person Description Column 4
AD FS SAML

Auth0

Azure SAML

CyberArk SAML

Generic SAML

Google OAuth

Google SAML

JumpCloud SAML

Microsoft OAuth

Okta SAML

OneLogin SAML

PingFederate SAML

PingOne SAML

VMWare SAML

Note:
  1. If you are unsure of your Identity Provider (IdP) or couldn’t find yours in the above list, follow the instructions given for Generic SAML .
  2. Social identity providers are different from other identity providers like SAML and OAuth. Ensure that you choose the right identity provider before starting to configuring the same.

Testing the connection

Once the connection is established, it is important to test the workflow to verify the connection. Zuddl only tests the SSO initiation workflow and checks for errors. You can do an end-to-end test of the SSO workflow by entering the login credentials.