Single sign-on (SSO)
Supernova uses Security Assertion Markup Language (SAML), which is an open standard used for securely exchanging data. Single sign-on (SSO) utilizes this standard for securely logging into applications.
With SSO, your team members will log in to the workspace with the specific identity provider used by your organization. Supernova acts as the service provider, and never stores or manages any credentials.
What you'll need
The process for configuring SSO depends on your specific identity provider. Contact us to enable SSO in your Company workspace and note the following information we will request from you.
The information you'll need to provide is:
- a workspace URL
- a verified email domain
- an identity provider configuration — depending on your specific identity provider, you will need to provide a configuration method either in the format of:
- metadata.xml that contains all of the information described above, OR
- Sign in URL, the X509 signing certificate, and an optional sign out URL
You will need some information from us to begin configuring SSO on your identity provider side. We will provide you with:
- an Assertion Consumer Service (ACS) URL
- an Entity ID
Auto-invite from SSO
With this feature you can activate certain domains for auto-inviting new users from SSO. This means that if the new user logs in with the given SSO provider for the first time, they are automatically invited to your Workspace as well.
When enabled, anyone that signs in with SSO to your workspace will be auto-invited to the workspace as a viewer.
How to set it up
Once your SSO integration is successfully enabled, you can then configure the auto-invite from the same settings by enabling the domains which users should be auto-invited from.
For providers with multiple domains, you can selectively say which domains should allow auto-invite, and which ones should require adding people manually.