SAML single sign-on

SAML-based single sign-on (SSO) gives members access to Vibe through an identity provider (IDP) of your choice.

To get started, you’ll need to set up a connection (or connector) for Vibe with your IDP. Many SSO providers are supported by Vibe for user management:

    If your identity provider is not one of the providers covered on this page, please email support@vibe.us with details about your SAML IDP and our support team will get in touch with you.

    Okta

    Vibe supports SSO login via Okta, with the following limitations:
    • We don't support SCIM user provisioning and de-provisioning. This is on our roadmap.
    • Please be advised that SSO is only applicable to Vibe's web, iPad, and mobile apps. To log in to Vibe Board, users will need to use email-based 2FA login or use the SSO logged-in mobile app to scan a QR code. For more on this, see the video "Vibe Feature Fridays - Logging in & out" on our YouTube channel.

     

    Step 1: Set up SAML SSO for Vibe

    Create an App Integration for Vibe first. In your Okta Admin console, navigate to Applications and click the "Create App Integration" button.

    Choose the "SAML 2.0" sign-in method.

    Enter "Vibe" as App name, and in the next screen, enter "https://api.vibe.us/v1/oauth/saml/acs" as "Single Sign On URL" and "https://api.vibe.us/v1/oauth/saml/metadata" as "SP Entity ID".

    After creating the integration, you should see the screen below. Please send an email to support@vibe.us and provide us with the information below so that we can set up the SAML integration on Vibe's backend.
    IDP info
    1. Identity Provider metadata (usually in form of an XML file)
    2. View Setup Instructions - Identity Provider Issuer
    3. Start URL: https://yourcompanydomain.sso.vibe.us/
      You can select your subdomain name, but it cannot contain dots.

     

    Step 2: Configure your identity provider

    You need to configure Vibe as a service provider in your SAML configuration.  Here are the details:
    General setting
    1. Single sign on URL: https://api.vibe.us/v1/oauth/saml/acs
    2. Audience URI (SP Entity ID): https://api.vibe.us/v1/oauth/saml/metadata
    3. Attribute mapping:
      • first_name
      • last_name
      • User.Email


      Do you support IDP-initiated login so our users can use an 'app' within our Okta Dashboard?

      Currently, this is not supported. However, Okta has a workaround: you may enter the URL https://yourcompanydomain.sso.vibe.us in the Okta chiclet. The experience should be the same as IDP-initiated login.

       

      Microsoft Azure

      Step 1: Configure Azure AD SSO
      To proceed, please send an email to support@vibe.us with the Azure metadata XML file. You will be using the start URL to log in as shown in point (3) below. You can select your subdomain name.
      You need to configure these entries in your Azure configuration:
      1. ACS URL: https://api.vibe.us/v1/oauth/saml/acs
      2. Entity ID: https://api.vibe.us/v1/oauth/saml/metadata
      3. Start URL: https://yourcompanydomain.sso.vibe.us/

        Step 2: Set up SAML SSO for Vibe

        Vibe requires the following information (outgoing claim type) when you set up attribute mapping:

        - User.Email

        - first_name

        - last_name

        After setting up attribute mapping, your User Attributes & Claims in Azure AD should look like this:


        Please note for each Manage Claim panel in Azure AD:



        1. Name should be the outgoing claim that Vibe expects, such as User.Email
        2. Leave the optional Namespace field empty (Azure AD prefills this field, so make sure to delete the auto-generated namespace)
        3. Source should be "Attribute"
        4. Source attribute should be the attribute in Azure AD. 
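
An added example, not from Vibe's documentation: a Python pre-flight check that takes a base64-decoded SAML Response from a test login and compares it with the values on this page (ACS URL, SP Entity ID, and the three attribute names), flagging a claim that is sent with a namespace prefix because the Namespace field was left filled. The function names, the constructed sample response, and the Azure AD default namespace string are assumptions supplied for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from this page.
ACS_URL = "https://api.vibe.us/v1/oauth/saml/acs"
SP_ENTITY_ID = "https://api.vibe.us/v1/oauth/saml/metadata"
REQUIRED_ATTRS = ("User.Email", "first_name", "last_name")

def check_response(xml_text):
    """List configuration problems in a decoded SAML Response (signature is not verified)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} lacks the SP Entity ID")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = [v.strip() for v in values if v and v.strip()]
    for name in REQUIRED_ATTRS:
        if attrs.get(name):
            continue
        # Same name after the last "/" means a namespace was prepended.
        prefixed = [n for n in attrs if n != name and n.rsplit("/", 1)[-1] == name]
        if prefixed:
            problems.append(f"{name} is sent as {prefixed[0]!r}; clear the Namespace field")
        else:
            problems.append(f"{name} is missing or empty")
    return problems

def sample_response(email_name):
    """Constructed sample (not a captured login), trimmed to the fields the check reads."""
    attr = '<saml:Attribute Name="{}"><saml:AttributeValue>{}</saml:AttributeValue></saml:Attribute>'
    pairs = [(email_name, "ada@example.com"), ("first_name", "Ada"), ("last_name", "Lovelace")]
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' Destination="{ACS_URL}"><saml:Assertion><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
            + "".join(attr.format(n, v) for n, v in pairs)
            + '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    azure_ns = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # assumed Azure AD default
    for name in ("User.Email", azure_ns + "User.Email"):
        print(name, "->", check_response(sample_response(name)) or "OK")
```

An empty list means the response matches the settings on this page; it says nothing about whether the assertion is correctly signed.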

        G Suite (SAML)

        Step 1: Set up SAML SSO for Vibe
        To proceed, please send an email to support@vibe.us with the following information:
        1. SSO URL
        2. Entity ID
        3. Certificate
        4. IDP metadata
           

          Step 2: Configure your identity provider

          Please use the following settings to configure your SAML app:

          1. ACS URL: https://api.vibe.us/v1/oauth/saml/acs
          2. Entity ID: https://api.vibe.us/v1/oauth/saml/metadata
          3. Mappings:
            First name <-> first_name
            Last name <-> last_name
            Primary email <-> User.Email


          Once configured, you can use https://yourcompanydomain.sso.vibe.us/ to log in.