SSO Integration Process Overview

 

For SSO, Touchcast currently supports SAML 2.0 integration.

Touchcast is the SP (Service Provider) and the client is the IdP (Identity Provider). This allows client users to authenticate on Touchcast using their existing enterprise credentials. Users sign in to Touchcast through their company’s identity provider (IdP) sign-in page, without the need for separate credentials on the Touchcast side.

Configuring the SAML 2.0 integration requires the client and Touchcast teams to exchange metadata, which is then configured on both the Touchcast side and the client’s side. The step-by-step flow is as follows:

  1. Set up a kickoff meeting between the Touchcast IT representative and the client’s IT representative. In this meeting we will determine and agree on the plan to execute the integration.

  2. Touchcast gets the metadata from the client. See below for the exact metadata required.

  3. Set up a SAML 2.0 endpoint for the client on the Touchcast side. This is done initially on Touchcast’s stage environment.

  4. Touchcast generates the SAML service provider metadata XML and provides it to the client’s IT representative.

  5. The client configures the SAML integration on their side with the help of the XML from the previous step.

  6. Once the client confirms the configuration is completed on their side, the next step is to test the solution.

  7. If the tests pass for the stage environment, repeat steps 2-6 for the production environment.

  8. That’s it!

 

Metadata Touchcast provides:

  • Assertion Consumer Service URL

  • Audience URI

  • SAML 2.0 Protocol Binding

  • Name ID Claim Format and Value

  • Claims/assertions Touchcast Requires

  • Signing Certificate’s Public Key

  • Metadata file

  • URL to test inbound federation

Metadata the client should provide:

  • IdP Single Sign-On URL

  • IdP Issuer URI

  • Federation Service Metadata File or URL

  • Token Signing Certificate Public Key