Introduction
If your customers already have accounts in your own application (that is, in your Identity Provider, or IdP), you can enable SAML Single Sign-On (SSO) so that those same accounts log them into LoopedIn as well.
To set up SAML authentication you provide LoopedIn with your IdP's Issuer URL, Entry Point (the IdP's SSO login URL), and signing certificate. LoopedIn uses these to verify that the SAML responses it receives really come from your IdP before it trusts the identity they carry.
User Flow
When SAML login is enabled, the user flow is as follows:
- Unauthenticated users are prompted to log in when they attempt to vote, comment, or submit content.
- When the user clicks "Log in," LoopedIn redirects the browser to the Identity Provider (IdP) with a SAML authentication request (an AuthnRequest).
- At the IdP's login page the user is prompted for credentials, such as a username and password. These credentials are issued by your organization through your identity provider (IdP).
- The user enters the credentials on the IdP's login page, and the IdP authenticates them, thereby verifying the user's identity.
- Once the user is authenticated, the IdP generates a SAML response containing the user's identity information and signs it with the IdP's private key.
- The IdP sends the signed SAML response back to LoopedIn at the predefined callback URL.
- LoopedIn verifies the response's signature against the certificate you configured, then extracts the user information it carries, such as the username and email address.
- The user is now authenticated and gains access to the protected resources within LoopedIn.
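The service-provider side of this exchange, as an added example that is not LoopedIn's code: it builds the redirect that carries the AuthnRequest of step 2 and then performs the checks a service provider should run on the returned response (step 7) before trusting the identity in it. All URLs, the entity ID, the Allowed Domain, and the sample IdP response are constructed placeholders, and the response is deliberately unsigned: verifying the XML signature against the IdP certificate is not implemented here and in practice is done first, with an XML-DSig library such as python3-saml or signxml. The sample response carries the "user_name" and "user_email" attributes that the setup section asks you to map at the IdP.

```python
import base64
import datetime as dt
import secrets
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

# Placeholder values for what the SP reads from its SSO settings page and from the IdP (all assumed).
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"  # SP entity ID, the expected Audience
CALLBACK_URL = "https://sp.example.test/saml/callback"  # callback (Assertion Consumer Service) URL
IDP_ISSUER = "https://idp.example.test/saml"            # IdP Issuer URL
IDP_ENTRY_POINT = "https://idp.example.test/sso"        # IdP Entry Point (SSO login URL)
ALLOWED_DOMAIN = "example.test"                         # Allowed Domain for user_email
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def utcnow():
    return dt.datetime.now(dt.timezone.utc)


def new_request_id():
    return "_" + secrets.token_hex(16)  # XML IDs must start with a letter or underscore


def build_redirect_url(request_id):
    """Step 2 of the flow: put an AuthnRequest in the HTTP-Redirect binding
    (raw DEFLATE, base64, URL-encode) and point the browser at the Entry Point."""
    authn_request = (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{utcnow().strftime(TIME_FMT)}" '
        f'Destination="{IDP_ENTRY_POINT}" AssertionConsumerServiceURL="{CALLBACK_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15: raw DEFLATE, no zlib header
    raw = deflater.compress(authn_request.encode()) + deflater.flush()
    return IDP_ENTRY_POINT + "?" + urllib.parse.urlencode({"SAMLRequest": base64.b64encode(raw).decode()})


def decode_redirect_request(url):
    """What the IdP does on arrival: recover the AuthnRequest XML from the URL."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15).decode()


def make_sample_response(request_id, now, audience=SP_ENTITY_ID, valid_for=300):
    """Constructed IdP response (unsigned; a real one carries a ds:Signature over the Assertion)."""
    not_before = (now - dt.timedelta(seconds=60)).strftime(TIME_FMT)
    not_on_or_after = (now + dt.timedelta(seconds=valid_for)).strftime(TIME_FMT)
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" '
        f'Version="2.0" InResponseTo="{request_id}" Destination="{CALLBACK_URL}">'
        f"<saml:Issuer>{IDP_ISSUER}</saml:Issuer>"
        f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
        f'<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{IDP_ISSUER}</saml:Issuer>'
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
        f"</saml:Conditions><saml:AttributeStatement>"
        f'<saml:Attribute Name="user_name"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>'
        f'<saml:Attribute Name="user_email"><saml:AttributeValue>alice@example.test</saml:AttributeValue>'
        f"</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )


def validate_response(response_xml, expected_request_id, now):
    """Steps 6-7 of the flow, to run only AFTER the XML signature has been verified
    against the IdP certificate (left to an XML-DSig library here)."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{NS['samlp']}}}Response" or root.get("Destination") != CALLBACK_URL:
        raise ValueError("not a samlp:Response addressed to our callback URL")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match the pending AuthnRequest")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ISSUER:
        raise ValueError("Assertion Issuer is not the configured IdP")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or cond.findtext("saml:AudienceRestriction/saml:Audience", default="", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("Assertion is missing Conditions or is addressed to another audience")
    parse = lambda s: dt.datetime.strptime(s, TIME_FMT).replace(tzinfo=dt.timezone.utc)
    window = [cond.get("NotBefore"), cond.get("NotOnOrAfter")]  # strict: require both bounds
    if None in window or not (parse(window[0]) <= now < parse(window[1])):
        raise ValueError("Assertion has no validity window or is outside it")
    claims = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    name, email = claims.get("user_name", ""), claims.get("user_email", "")
    if not name or not email:
        raise ValueError("user_name / user_email claims are missing from the IdP mapping")
    if email.rpartition("@")[2].lower() != ALLOWED_DOMAIN:
        raise ValueError("user_email is outside the Allowed Domain")
    return {"user_name": name, "user_email": email}


def rejection_reason(response_xml, expected_request_id, now):
    try:
        validate_response(response_xml, expected_request_id, now)
        return None
    except ValueError as exc:
        return str(exc)
```

The request ID returned by new_request_id must be stored server-side against the user's session so that InResponseTo can be checked when the response comes back; skipping that check, the Audience check, or the NotBefore/NotOnOrAfter window are the common service-provider mistakes that let a response captured from one SP, or an old one, be replayed against another. The Allowed Domain check on user_email is applied here only after the assertion itself has been accepted.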
SAML Setup
- Open https://app.loopedin.io/settings#/sso and go to the SAML section.
- Select a SAML-compliant Identity Provider that meets your requirements; popular options include Okta, OneLogin, Azure AD, and ADFS. (If you already have one, skip this step.)
- In your Identity Provider account, create a project/application for LoopedIn and open its SAML SSO configuration.
- Obtain the Login URL, callback URL, Logout URL, and Allowed Domain from the SAML section of https://app.loopedin.io/settings#/sso; these are the LoopedIn-side values your Identity Provider configuration needs.
- Next, provide LoopedIn with the Issuer URL, Entry Point, and Certificate from your Identity Provider. All three are supplied by your Identity Provider.
- Map the claims your Identity Provider sends by adding "user_name" and "user_email" for your customers; LoopedIn reads the username and email address from these.
- Once everything is configured, test the SAML configuration by clicking the button labeled "Test URL."
- Clicking "Test URL" redirects you to your Identity Provider's login page. Log in as a user registered in your Identity Provider account; on success you are redirected back to LoopedIn.
- After a successful redirect, the "Enable SSO" toggle becomes available. Turn it on to enable SAML login. Depending on your requirements, you may also want to turn on "Login Wall" on the same page.
- Once these steps are complete, the login dialog appears on your public page.