SSO Integration Process Overview
In terms of SSO, Touchcast currently supports SAML 2.0 integration.
Touchcast is the SP (Service Provider) and the client is the IdP (Identity Provider). This allows client users to authenticate on Touchcast using their existing enterprise credentials: users sign in to Touchcast through the company's identity provider (IdP) sign-in page, without needing separate credentials on the Touchcast side.
Configuring the SAML 2.0 integration requires the client and Touchcast teams to exchange metadata, which is then configured on both the Touchcast and the client side. The step-by-step flow looks as follows:
1. Set up a kick-off meeting between a Touchcast IT representative and the client's IT representative. In this meeting we determine and agree on the plan to execute the integration.
2. Touchcast obtains the required metadata from the client. See below for the exact metadata required.
3. Touchcast sets up the SAML 2.0 endpoint for the client on the Touchcast side. This is done initially on Touchcast's stage environment.
4. Touchcast generates the SAML service provider metadata XML and provides it to the client's IT representative.
5. The client configures the SAML integration on their side using the XML from the previous step.
6. Once the client confirms the configuration is complete on their side, the next step is to test the solution.
7. If the tests pass on the stage environment, steps 2-6 are repeated for the production environment.
That’s it!
Metadata Touchcast provides:
Assertion Consumer Service URL
Audience URI
SAML 2.0 Protocol Binding
Name ID Claim Format and Value
Claims/Assertions Touchcast Requires
Signing Certificate’s Public Key
Metadata file
URL to test inbound federation
Metadata client should provide:
IdP Single Sign-On URL
IdP Issuer URI
Federation Service Metadata File or URL
Token Signing Certificate Public Key
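The two metadata lists above map directly onto the SAML 2.0 metadata documents the teams exchange in steps 2 and 4. The following script is an added example, not Touchcast's own code and not part of the original page. It builds an SP metadata XML from the values Touchcast provides (Audience URI as the entity ID, Assertion Consumer Service URL, protocol binding, Name ID format, signing certificate) and parses the IdP metadata the client provides, checking that the IdP Single Sign-On URL, IdP Issuer URI and token signing certificate are present, that endpoints use HTTPS, and that the certificate is well-formed base64. Every URL, entity ID and certificate value in it is a constructed placeholder; the HTTP-POST binding and emailAddress Name ID format are assumptions, not Touchcast's actual values.

```python
"""Build SP metadata and sanity-check IdP metadata for a SAML 2.0 integration.

Added example with constructed placeholder values; nothing here is a real
Touchcast or client identifier.
"""
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed stand-in for a DER-encoded X.509 certificate (not a real cert).
SAMPLE_CERT_B64 = base64.b64encode(b"placeholder-der-certificate-bytes").decode()

# Constructed sample of the IdP metadata a client might provide (placeholders).
SAMPLE_IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example-client.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="{PROTOCOL}">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {SAMPLE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>{NAMEID_EMAIL}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{BINDING_REDIRECT}"
        Location="https://idp.example-client.test/saml/sso"/>
    <md:SingleSignOnService Binding="{BINDING_POST}"
        Location="https://idp.example-client.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def md(tag: str) -> str:
    """Qualified name in the SAML metadata namespace."""
    return "{%s}%s" % (NS["md"], tag)


def ds(tag: str) -> str:
    """Qualified name in the XML Signature namespace."""
    return "{%s}%s" % (NS["ds"], tag)


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract Issuer URI, SSO endpoints per binding, signing certs and NameID formats."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")
    sso = {svc.get("Binding"): svc.get("Location")
           for svc in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            certs.append("".join((cert.text or "").split()))  # strip whitespace
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    return {"entity_id": root.get("entityID"), "sso": sso,
            "signing_certs": certs, "nameid_formats": formats}


def check_idp_metadata(meta: dict) -> list:
    """Return human-readable findings; an empty list means the required items are present."""
    findings = []
    if not meta["entity_id"]:
        findings.append("missing IdP Issuer URI (entityID)")
    if not meta["sso"]:
        findings.append("missing IdP Single Sign-On URL")
    for binding, url in meta["sso"].items():
        if urlparse(url or "").scheme != "https":
            findings.append(f"SSO URL for {binding} is not https: {url}")
    if not meta["signing_certs"]:
        findings.append("missing token signing certificate")
    for cert in meta["signing_certs"]:
        try:
            base64.b64decode(cert, validate=True)
        except (binascii.Error, ValueError):
            findings.append("token signing certificate is not valid base64")
    return findings


def build_sp_metadata(entity_id: str, acs_url: str, cert_b64: str,
                      binding: str = BINDING_POST,
                      nameid_format: str = NAMEID_EMAIL) -> str:
    """Serialise SP metadata: Audience URI, ACS URL, binding, NameID format, signing cert."""
    ET.register_namespace("md", NS["md"])
    ET.register_namespace("ds", NS["ds"])
    root = ET.Element(md("EntityDescriptor"), entityID=entity_id)
    sp = ET.SubElement(root, md("SPSSODescriptor"), AuthnRequestsSigned="true",
                       WantAssertionsSigned="true", protocolSupportEnumeration=PROTOCOL)
    key = ET.SubElement(sp, md("KeyDescriptor"), use="signing")
    x509 = ET.SubElement(ET.SubElement(key, ds("KeyInfo")), ds("X509Data"))
    ET.SubElement(x509, ds("X509Certificate")).text = cert_b64
    ET.SubElement(sp, md("NameIDFormat")).text = nameid_format
    ET.SubElement(sp, md("AssertionConsumerService"), Binding=binding,
                  Location=acs_url, index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("IdP findings:", check_idp_metadata(meta) or "none")
    print(build_sp_metadata("https://sp.example-sp.test/saml/metadata",  # placeholder
                            "https://sp.example-sp.test/saml/acs", SAMPLE_CERT_B64))
```

Run it against the real IdP metadata file from step 2 by passing the file contents to parse_idp_metadata; a non-empty findings list is worth resolving with the client before step 3, and the output of build_sp_metadata is the shape of XML the client consumes in step 5. WantAssertionsSigned is set to true so the IdP is told assertions must be signed with the token signing certificate exchanged here.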