SAML SSO Login

SAML Single Sign-on (SSO) streamlines user authentication by providing a centralized service. With SSO, users can access multiple applications using a single, trusted login account, enhancing convenience and security across various platforms.

What is SAML?

SAML SSO simplifies user authentication by enabling access to multiple applications without the need for separate account credentials for each one. This streamlined process enhances manageability as users no longer have to input account information repeatedly. Moreover, it ensures convenience and security for both users and administrators, facilitating centralized management of organizational accounts.

SAML SSO login is available as a pre-paid use when you subscribe to the enterprise plan. (→ Contact us for pricing )

Enhanced Convenience:
- Users can streamline their service management by utilizing a single account, eliminating the need to remember multiple sets of credentials for various services.
- Administrators can efficiently onboard new members to channels. Rather than sharing individual invitation links, channel invitations can be easily facilitated through registration with the identity provider.
Enhanced Security:
- The identity provider employs encrypted login authentication across channels, offering a heightened level of security compared to managing information through individual managers.

How to set it up:

Activate SSO

To use SAML SSO login, the following three items must be set up:

Enable the SAML SSO button
Register at least one authorized domain
Enter your SAML SSO settings

Domain Registration and Authorization

Why do we need to authorize our domain?

SAML SSO login identifies the channel’s manager through an [email domain]. Therefore, you’ll need to prove that the the channel owns that particular domain.

You can register more than one domain.
- Domains more than once can be registered in different channels .
You need a custom domain.
- Accounts like gmail.com / yahoo.com will not be registered.

SAML SSO Settings

Only the channel owner or a manger with security authorization can set up SAML SSO.

Enter the SSO URL / Entity ID value you found in Channel Talk into the identity provider.
1. SSO URL
2. Entity ID
Enter the SSO URL / Identity Provider Entity ID / Public certificate values from your identity provider into the Channel Talk settings screen.
1. ID Provider's SSO URL
2. ID Provider's Entity ID
3. Public certificate
- ( → Find out how to set up using OKTA)

Users can choose between traditional email/password login and SAML SSO integration. If you disable email login, access to channels with SAML SSO login configured will be unavailable.

Even if email sign-in is disabled, channel owners retain the ability to sign in via email as a precautionary measure to prevent channel unavailability during identity provider emergencies.

By logging in via email and enabling email login in the SAML SSO settings panel, channel owners can also grant channel managers access via email in case of any issues with the SAML SSO login feature.

Manager Auto-Invite

You can enable manager auto-invites so that newly enrolled team members in your identity provider can automatically join your channel with a SAML SSO login. This makes managing managers more convenient!

If you have disabled the auto-invite feature, they can still be invited to the channel via the channel link in [Channel settings > Teammates > Manager > + Invite new manager]

How to use SAML SSO

Create an account with Channel Talk
- Create an account using the same email as your identity provider.

Log-in to SAML SSO

Select the channel you would like to access
- Channels with the SAML SSO login feature enabled will be displayed on this list.

If your login account is different
- Please check the domain registered with your identity provider and sign in again.

FAQ

How to set up using Okta:

There are multiple identity providers available. If you are using another service other than OKTA, please refer to the app integration method of the service you are using.