Set up our app with ADFS SSO (SAML) for your organization

Set up our app with ADFS SSO (SAML) for your organization

Set up our app with ADFS SSO (SAML) for your organization

Active Directory Federation Services (ADFS) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to your Team Plan.  When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.

Prerequisites 

  1. Your organization must be using a dedicated ADFS instance
  2. You will need administrative permissions to your ADFS instance
  3. You must be using a Team Plan 
  4. You will need administrative permissions for your Team Plan

Get SAML Setup Information from our app

Once you have your ADFS server set up, your Team Admin can choose to optionally require login via SAML.

1. Log in as a Team Owner or Team Admin, click your user badge, and then select Settings.

2. On the left sidebar, click Authentication.




3. Under SAML Authentication move the slider to On, which requires your users to log in via SAML.



Once enabled, additional settings are displayed, enabling you to set up communication between our application and the ADFS identity provider.

4. In the text box under Access URL, specify a unique access URL.
This URL will be used by your Team the first time they authenticate into ScreenPal.  When visiting this URL, the user will be redirected to your organization network login for sign-in or, if they are already logged into your network, they will be automatically signed into our site.
Note: "myuniqueurl" shown below is an example. This should be the name you create for your access page.
 

5. If you intend to have your users enjoy the advanced features provided in hosting (such as the branded player, content sharing, channel carousel, stock library images and videos, etc.) you must select Create users on ScreenPal using SAML for this Access URL. The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.

6. Next, download the metadata XML file from the settings area. This file can be found under ScreenPal SAML Info, as displayed in the image below.



7. Save this XML file for a later step. 

Next, we will get ADFS set up before coming back to this settings page to upload the IDP identify file.

Set up ADFS Identity provider 

This section covers an ADFS instance setup for single sign-on.  Refer to this article if you are using Azure.

To update your ADFS metadata complete the steps below.  You will likely require admin privileges for your ADFS instance to perform these steps.

1. Log in to the ADFS Management Console.
2. In the left sidebar, click ADFS 2.0 > Trust Relationships.
3. Click on Relying Party Trusts.
4. Click Update from Federation Metadata.
5. Right click on the relying party trust, then click Properties
6. Click Monitoring, and paste the following URL into Relying party's federation metadata URL: https://screenpal.com/saml/metadata.xml
7. Select the checkboxes for Monitor relying party and Automatically update relying party.
8. Click OK.
9. Select the same relying party trust item that you just configured. In the right sidebar, click Update from Federation Metadata.
10. Ignore the message regarding ADFS2.0 support if one is displayed. Click OK
11. Finally, click Update to complete updating the federation metadata with the ScreenPal metadata file.


Upload the Identify Provider File to your account

With ADFS setup, we need to find the IDP file / Federation Metadata XML and to upload it to the your Admin Account Authentication settings.

Typically, this file is found here:

https://myadfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml

Download this file, and navigate back to the ScreenPal Admin Account Authentication settings.

1. Under SAML User Access, click the Choose File button under Upload IDP Metadata File.



Once uploaded, the file will be validated and you should see a message that states, "Metadata matches".   

2. Click Test Login under Current IDP Metadata and you should see the normal login prompt for your organization.  

3. Next, click the Save button to commit the IDP Metadata and you are done. 

4. Click the Test Login link under Current IDP Metadata to make sure the login works for an actual user. 


FAQ

IS FIRST AND LAST NAME REQUIRED TO SETUP WITH SCREENPAL SAML AUTHENTICATION?  CAN WE JUST USE THE NAME ID?

First and Last name is required as SAML requires setting up a user in our system. 

GETTING THE FIRST NAME AND LAST NAME (GIVEN NAME AND SURNAME) TO AUTO-POPULATE.

If the name is not auto-populating, try mapping the LDAP attributes like this.

Surname -> urn:oid:2.5.4.4
Given-Name  -> urn:oid:2.5.4.42 

HOW OFTEN ARE USER CREDENTIALS REVALIDATED? 

With SAML enabled, users will be required to re-login after a month of usage. 


    • Related Articles

    • Google Workspace SAML integration

      Google Workspace SAML integration Google Workspace serving as an Identity Provider (IDP) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to our Recorder and Video Editor under your ...
    • Add SAML Login using Microsoft Entra (formerly Premium Azure)

      Adding SAML Login using Microsoft Entra (formerly Premium Azure) Once you have a Microsoft Entra account set up, as a Team Plan Administrator, you can choose to require login via SAML for your users. SAML login can be configured from ScreenPal's Team ...
    • Set up ScreenPal with Canvas LMS using the LTI v1.3 app

      Add the LTI v1.3 app as a Canvas admin Our application integrates with many learning management systems via the Learning Tools Interoperability (LTI) standard. This article will help you with the setup and use of our LTI version 1.3 app with the ...
    • Add your account to our mobile app

      You can quickly log into your account using our mobile application to upload mobile recordings to your account and access the features associated with your account from your iOS device. To do this, follow the steps below. 1. Open our app on your iOS ...
    • Set up ScreenPal in Schoology LMS using LTI v1.3

      Our application integrates with many learning management systems via the Learning Tools Interoperability (LTI) standard. This article will help you with the setup and use of our LTI version 1.3 app within the Schoology LMS. For more information about ...