Set up our app with ADFS SSO (SAML) for your organization

Set up our app with ADFS SSO (SAML) for your organization

Set up our app with ADFS SSO (SAML) for your organization

Active Directory Federation Services (ADFS) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to your Team Plan.  When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.


  1. Your organization must be using a dedicated ADFS instance
  2. You will need administrative permissions to your ADFS instance
  3. You must be using a Team Plan 
  4. You will need administrative permissions for your Team Plan

Get SAML Setup Information from our app

Once you have your ADFS server set up, your Team Admin can choose to optionally require login via SAML from your Administrative Account Authentication settings.

1. Log in as an Account Owner or Admin, click your user badge, and then select Settings.

2. On the left sidebar, click Authentication.

3. Under SAML Authentication move the slider to On, which requires your users to log in via SAML.

Once enabled, additional settings are displayed, enabling you to set up communication between our application and the ADFS identity provider.

4. In the text box under Access URL, specify a unique access URL.
This URL will be used by your Team the first time they authenticate into ScreenPal.  When visiting this URL, the user will be redirected to your organization network login for sign-in or, if they are already logged into your network, they will be automatically signed into our site.
Note: "myuniqueurl" shown below is an example. This should be the name you create for your access page.

5. If you intend to have your users enjoy the advanced features provided in hosting (such as the branded player, content sharing, channel carousel, stock library images and videos, etc.) you must select Create users on ScreenPal using SAML for this Access URL. The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.

6. Next, download the metadata XML file from the settings area. This file can be found under ScreenPal SAML Info, as displayed in the image below.

7. Save this XML file for a later step. 

Next, we will get ADFS set up before coming back to this settings page to upload the IDP identify file.

Setup ADFS Identity provider 

This section covers an ADFS instance setup for single sign-on.  Refer to this article if you are using Azure.

To update your ADFS metadata complete the steps below.  You will likely require admin privileges for your ADFS instance to perform these steps.

1. Log in to the ADFS Management Console.
2. In the left sidebar, click ADFS 2.0 > Trust Relationships.
3. Click on Relying Party Trusts.
4. Click Update from Federation Metadata.
5. Right click on the relying party trust, then click Properties
6. Click Monitoring, and paste the following URL into Relying party's federation metadata URL:
7. Select the checkboxes for Monitor relying party and Automatically update relying party.
8. Click OK.
9. Select the same relying party trust item that you just configured. In the right sidebar, click Update from Federation Metadata.
10. Ignore the message regarding ADFS2.0 support if one is displayed. Click OK
11. Finally, click Update to complete updating the federation metadata with the ScreenPal metadata file.

Upload the Identify Provider File to your account

With ADFS setup, we need to find the IDP file / Federation Metadata XML and to upload it to the your Admin Account Authentication settings.

Typically, this file is found here:

Download this file, and navigate back to the ScreenPal Admin Account Authentication settings.

1. Under SAML User Access, click the Choose File button under Upload IDP Metadata File.

Once uploaded, the file will be validated and you should see a message that states, "Metadata matches".   

2. Click Test Login under Current IDP Metadata and you should see the normal login prompt for your organization.  

3. Next, click the Save button to commit the IDP Metadata and you are done. 
4. Click the Test Login link under Current IDP Metadata to make sure the login works for an actual user. 



First and Last name is required as SAML requires setting up a user in our system. 


If the name is not auto-populating, try mapping the LDAP attributes like this.

Surname -> urn:oid:
Given-Name  -> urn:oid: 


With SAML enabled, users will be required to re-login after a month of usage. 

    • Related Articles

    • Google Workspace SAML integration

      Google Workspace SAML integration Google Workspace serving as an Identity Provider (IDP) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to our Recorder and Video Editor under your ...
    • Add SAML Login using Premium Azure

      Adding SAML Login using Premium Azure Once you have your ADFS server setup, your Team Plan admin may choose to optionally require login via SAML from the Admin Account Authentication Settings. Login as Team Admin and click your user icon, then ...
    • Set up ScreenPal in Schoology LMS using LTI v1.1

      Our application integrates with many learning management systems via the Learning Tools Interoperability (LTI) standard. This article will help with the setup and use of our LTI app within the Schoology LMS for administrators and teachers. Table of ...
    • Add your account to our mobile app

      You can quickly log into your account using our mobile application to upload mobile recordings to your account and access the features associated with your account from your iOS device. To do this, follow the steps below. 1. Open our app on your iOS ...
    • Admins: Silently install our app for your users

      Admins: Silently install our app for your users For provisioning a group of users, an administrator can silently install our app on users' computers within the team and organization. Using the full installation method enables you to provision your ...