Support Center

How to enable SAML Single Sign-on (SSO) access control on your Xhibitsignage account?

Last Updated: Jun 09, 2017 03:50PM EDT

SAML (Security Assertion Markup Language) Single Sign-on is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. In this article, we will go over how to use the SAML Single Sign-on feature within Xhibit Signage.

What You'll Need

  • An Xhibit signage device
  • XhibitSignage.com CMS Application with supported feature package
  • Internet Connectivity

If you meet the requirements listed above, simply follow the steps below to learn how to use the SAML SSO feature.
 

General Steps

General Steps
 
  • Go to the profile settings
  • If the SSO feature is enabled for you, then there will be an option for enabling SSO as shown in the image on the left.
  • Turn the switch on and there will be a dialog showing several URLs needed for your specific IDP configuration (onelogin, clearlogin, okta, bitium etc.)
  • Go to your Identity Provider's website (onelogin, clearlogin, okta etc.) and login as Administrator
  • From here, either use your existing SAML app, or create a new SAML app and provide the details as required. After configuring your service provider, the IDP will produce a metadata file or link to that SAML app to register it on SP(xhibitsignage.com)
  • Get the file/link that was mentioned above
  • Now go back to the profile page setting in SP(xhibitsignage.com) and put the metadata details in the SSO dialog.
  • Now click on one of the radio buttons provided at the end of the dialog stating "Login through"
  • Where:
    Both: All of your client users can login from xhibitsignage.com as well as from idp.
    Only SSO: All of your client users can login through idp only.
    Individual: If client admin wants to setup SSO for few client users only.
Choosing the profiles widget
 
Selecting the Theme
 
  • If you have selected the individual option from the above option,  there will be a switch for each client user that can be turned on to enable SSO for that particular user, just like in the image to the left.
  • As you can see in the screenshot to the left, a client admin can enable SSO for the user so that he/she can login through their respective IDP dashboard, and the rest of the users can continue to login through xhibitsignage.com as usual.
  • Configure SAML app on IDP (identity providers):
    There are different ways for configuring SAML app for different providers. To setup SAML app for onelogin, please follow the steps below.
  • Go to yourcompanyname.onelogin.com
  • Login as administrator in your account by entering your credentials into the login page
  • After login, you will be redirected to the dashboard
Selecting the Data Source
 
Selecting your Current Items
 
  • The dashboard will list all apps that you have created for your users. From here, you can edit apps and reconfigure them as needed.
  • Next, click on app navbar and select "add apps", or  click on the "new app" button on the right hand side dashboard.
  • You will have a screen similar to the image to the left.
  • Select your offical app from the search box, or if testing, create a new app using the test IDP and follow these steps.
Transitions
 
Adding to your media library
 
  • Type SAML in the search box, and now you will have a list of SAML connectors as seen in the image.
  • Next, click on SAML Test Connector (IdP w/attr).
  • Now you will have a screen like in the image
Transitions
 
Adding to your media library
 
  • Next, change the name of app with your desired name.
  • Then change the icon of the app to your desired icon.
  • Now click on the save button at the top right side of the screen and you will have a screen just like in the image
  • Now click on the configuration tab and enter the details just like in the image
  • For now put .* in ACS (Consumer) URL Validator field.
  • Now go to parameters section.
Transitions
 
Adding to your media library
 
  • Now click on add parameter button and write email in field and select Email from the value dropdown. Now you will have a screen like the image.
  • Now go to SSO section and copy Issuer URL.
  • Now click on the save button at the top right side of the screen.
Transitions
 
Adding to your media library
 
  • Now you will have an app on your dashboard like the image
  • Now go back to profile page settings of xhibitsignage.com
  • Paste the issuer url into the metadata link field as you can see in the image
  • Now select any of the option button according to your usage or access level for your client users.
  • Now click on enable button to successfully register the app with xhibitsignage.com if everything goes in the right way then the app will register with SP(xhibitsignage.com) otherwise it will display an error.
Transitions
 
Adding to your media library
 
  • Now for SSO to work successfully, a client user should have account on SP(xhibitsignage.com) as well as on IDP (onelogin) with the exact same email id and SSO feature should be enabled for that client user in xhibitsignage.com and he/she should have access to the SAML app that you have created on IDP for integrating the xhibitsignage.com
  • You can assign app to the user on IDP by going into all users section & select the user whom you want to assign the app.
  • Now click on application tab and click on + button at top right corner of the screen then it will open a dialog box, select the app name from the dialog box
  • Now click on continue then it will open another dialog box just like in the image.
  • Simply click on cancel button because there is no need to configure anything for the user to login to the app.
  • Now go to yourcompanyname.onelogin.com and login as a user whom you have enabled the SSO feature for.
  • A dashboard will appear with the app icon of the screen now simply click on that app icon and if everything is ok then it will log you in as client user into xhibitsignage.com account.
Transitions
 

 

 

Problems, Questions, Corrections: If you have any further questions, problems, or corrections you would like to see made, please open a support ticket at www.mvixusa.com/support/

mvixsupport@mvixusa.com
http://assets1.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete