How To Enable SAML Single Sign-on (SSO) Access Control On Your XhibitSignage account?

Security Assertion Markup Language (SAML) Single Sign-on (SSO) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. In this article, we will go over how to use the SAML Single Sign-on(SSO) feature within Xhibit Signage.

General Steps

Go to the profile settings. If the SSO feature is enabled for your account, then there will be an option for using SSO (as shown in the image) on the right. Toggle the switch on and there will be a dialogue box showing several URLs needed for your specific IDP configuration (onelogin, clearlogin, okta, bitium etc.).

Next, go to your Identity Provider’s website (onelogin, clearlogin, okta etc.) and login as Administrator. From here, either use your existing SAML app, or create a new SAML app and provide the details as required. *Check the methods of adding apps to your IDP below, prior to moving to the next step*.

After creation of the app, the IDP will produce a metadata file or link to that SAML app to register it on the Service Provider end (xhibitsignage.com). Navigate back to the Profile Settings page on Xhibit Signage, and input the metadata details in the SSO dialogue boxes. Now you will select your login method via the “Login through” buttons.

• Both: All of your client users can login from xhibitsignage.com as well as from idp.
• Only SSO: All of your client users can login through idp only.
• Individual: If client admin wants to setup SSO for few client users only.

If you have selected the individual option from the above option,  there will be a switch for each client user that can be turned on to enable SSO for that particular user, just like in the image to the left. A client admin can enable SSO for the user so that he/she can login through their respective IDP dashboard, and the rest of the users can continue to login through xhibitsignage.com as usual.

Configure SAML app on IDP further as needed.

Setting up SAML for different IDP’s

To setup SAML app for one login, please follow the steps below.

1. Navigate to *yourcompanyname*.onelogin.com
2. Login as administrator in your account by entering your credentials into the login page
3. After login, you will be redirected to the dashboard

1. The dashboard will list all apps that you have created for your users. From here, you can edit apps and reconfigure them as needed.
2. Click on the app navbar and select “add apps”, or click on the “new app” button on the right hand side dashboard.
3. You will see a screen similar to the image below.
4. Select your official app from the search box, or if testing, create a new app using the test IDP and follow these steps.

1. Navigate to the parameters section.

1. Next, change the name of the app to your desired name.
2. Change the icon of the app to your desired icon.
3. Select the save button at the top right side of the screen.
4. Click on the configuration tab and enter the details just like in the image.
5. Place “.*” in ACS (Consumer) URL Validator field.
6. Navigate to the parameters section.

1. Click on the “add parameter” button and write the email in the email field. Select Email from the value dropdown.
2. Navigate to the SSO section and copy the Issuer URL.
3. Click on the save button at the top right side of the screen.

1. You should now see your created app in your app library

Back to Xhibit Signage Profile

1. Navigate back to the profile settings page of xhibitsignage.com
2. Paste the issuer url into the metadata link field as you can see in the image below
3. Select any of the option button according to your usage or access level for your client users.
4. Click on the enable button to successfully register the app with xhibitsignage.com. The app will register with the SP (xhibitsignage.com), otherwise it will display an error.

1. Now for SSO to work successfully, a client user should have an account on the Service Provider (xhibitsignage.com) as well as on the IDP (onelogin) with the exact same email id, and the SSO feature should be enabled for that client user in xhibitsignage.com. They should have access to the SAML app that you have created on IDP for integrating the xhibitsignage.com.
2. You can assign the app to the user on the IDP by navigating to the users section & select the user whom you want to assign the app.
3. Select the application tab and click on + button at top right corner of the screen. It will open a dialogue box, and you can select the app name from the drop down.
4. Click “continue”, then it will open another dialogue box just like in the image above.
5. Select “cancel” because there is no need to configure anything for the user to login to the app.
6. Navigate to *yourcompanyname*.onelogin.com and login as a user whom you have enabled the SSO feature for.
7. A dashboard will appear with the app icon of the screen. Click on that app icon and it will log you in as client user into xhibitsignage.com account.

If you would like the Mvix Client Success Team to handle SAML setup on your behalf, please contact your Solutions Consultant for pricing on our paid Implementation Assistance service

Problems, Questions, Corrections: If you have any further questions, problems, or corrections you would like to see made, please open a support ticket at: http://www.mvixusa.com/clientsuccess/