Your IT team can set up Single Sign-On in the Slidebank Admin console: open the 'Setup' tab, then click 'Single Sign-on'.
Ask your IT colleagues to follow the instructions below and to get in touch if they have any questions.
Single Sign-on Guide:
Pre-requisites
1. SSO assertions must use the SAML v2.0 standard.
2. You need to have an Identity Provider (IdP) available that can send SSO assertions for authenticated users.
3. SSO assertions must be signed with an X509 certificate.
4. As the Service Provider (SP), Slidebank will match existing users to the incoming SSO assertions using their email attribute, then log them into Slidebank.
5. An option is available to create new users in Slidebank, provided at least two extra attributes specify the department name and the role name in which to place the new user.
6. Slidebank supports both IdP-initiated and SP-initiated SSO. For SP-initiated, you will need to provide a URL for Slidebank to send the users for authentication.
General Setup
1. Log into Slidebank as an admin user.
2. Click Setup from the main menu.
3. Choose Single Sign-On from the setup options to open the SSO settings page.
4. Check the Enable SSO box.
5. If you have an XML metadata file from your IdP, you can import it into Slidebank to enter your IdP settings automatically.
a. Either Browse for the XML file, or drag and drop onto the box provided on the Slidebank SSO settings page.
b. This will enter the IdP settings provided in the metadata file, but you may edit them if necessary.
6. Get SP Certificate button – usually the certificate that signs the authentication request (used for SP-initiated SSO) is supplied in the metadata, so this step is not usually necessary. If you need to download the certificate on its own, click this button to download it. Note: This certificate is also contained within the SP Metadata.
7. Get SP Metadata button – click this button to download the SP XML metadata. You may import this into your IdP to enter the settings required for Slidebank SSO. It also contains the certificate that signs the authentication request for SP-initiated SSO.
Any changes to the SSO settings will be reflected in the XML metadata, so be sure to download the metadata again if the settings have changed. Then re-import the XML to your IdP to update with the new settings.
8. If you are not able to use the SP XML metadata file to set up your IdP, please copy the URL from the SP SSO URL box, and ensure your SSO assertions are posted to this URL. The Copy URL button is provided to copy this address into your clipboard.
9. If your IdP XML metadata file contained your IdP certificate, you should see its details in the IdP Certificate panel. Otherwise use the Browse button to import your certificate used to sign your assertion.
10. Click the Update Settings button to apply any new settings or changes.
11. See the sections below for more details about the various settings.
12. To test SP-initiated before enabling, try the link:
https://organization-name.slidebank.com/ssotest
(substitute ‘organization-name’ with the name of your organization)
SSO Options
1. Enable SSO
Toggles the SSO functionality. Must be checked to enable SSO access.
2. Create New Users
Slidebank will match existing users with incoming SSO assertions using the email attribute.
If the user does not exist, enabling this option will allow Slidebank to create new users, and will place them in the department and role specified by the department and role attributes respectively. Then the user will be logged in.
When this option is checked, the SSO settings are expanded to include the extra attributes required for user creation.
3. Create New Departments/Roles
This option is only available if Create New Users is also checked.
If a new user is created by an SSO session, and the department and/or role provided by the assertion does not match any that exist, enabling this option will allow Slidebank to create the new department and/or role. Then the user will be added to the newly created role and logged in.
4. Enable SP-initiated
If the user visits Slidebank before being authenticated by the IdP, this option will redirect them to the IdP for authentication. Once authenticated, the user is returned to Slidebank to complete the SSO process and is logged in.
Enabling this option will display the Login URL box (see IdP Settings below). Please provide the URL that Slidebank will redirect the user to, in order for authentication at the IdP to take place.
If this option is not enabled, and the user visits Slidebank first, the redirection to the IdP will not take place, and the user will see the Slidebank login page that is intended for logging in directly with a Slidebank account. However, if the user visits the IdP first, the SSO session will work as normal. The Slidebank login is likely to have different credentials to the user account provided by the IdP, as passwords will not be synchronized. For this reason, it’s generally recommended to make SP-initiated part of your SSO setup.
You can test your SSO setup before enabling SP-initiated with the link:
https://organization-name.slidebank.com/ssotest
(substitute organization-name with the name of your organization)
5. Debug Mode
Enable this option while testing a new SSO setup. It will display the log for failed SSO sessions on the Slidebank SSO landing page. Debug mode also disables SP-initiated so you can still have direct access using the Slidebank login page. This is useful if SSO is failing to give your own account the access you need to change settings. Remember to turn off this option when testing is complete.
SP SSO URL
If you are not able to use the SP XML metadata file to set up your IdP, please copy the URL from the SP SSO URL box, and ensure your SSO assertions are posted to this URL. The Copy URL button is provided to copy this address into your clipboard.
IdP Signing Certificate
All SSO assertions received by Slidebank must be signed with a certificate.
If your IdP XML metadata file contained your IdP certificate, you should see its details in the IdP Certificate panel. Otherwise use the Browse button to import your certificate used to sign your assertion.
If a certificate has already been uploaded, the Change IdP Certificate button will be shown instead. Click this button to change the IdP certificate. You may also import by dragging and dropping the certificate onto the certificate panel.
IdP Settings
1. Issuer Name (required) – this identifies your website, and Slidebank will check this against the issuer name provided in the SSO assertion. SSO will be rejected if they don’t match.
2. Login URL (required for SP-initiated SSO) – if users visit Slidebank first, they will be redirected to this URL to be authenticated if SP-initiated is enabled. Once authenticated, the user will be returned to Slidebank for the rest of the SSO process.
SSO Attributes
1. Email Attribute (required) – enter the name of the attribute that will contain the email address used to match your SSO users with a Slidebank account.
2. Login Attribute (optional) – enter the name of the attribute that will contain the user’s Slidebank login name. This can be left blank so that Slidebank will create a login based on the beginning of their email address.
3. Administrator Attribute (optional for Create New Users option) – If left blank, a newly created user will have normal user rights, otherwise this attribute can contain one of three values.
a. NotAdmin – the new user will have normal user rights, with access to the main features of the web application.
b. Admin – the new user will have administrator rights, with access to administrator features and control over users and files within their own department.
c. Super – the new user will have super administrator rights, with access to the administrator features and complete control over all departments.
4. Department Attribute (required for Create New Users option) – enter the name of the attribute that will contain the name of the department to add the new user to. If Create New Departments/Roles is enabled, and no match is found, Slidebank will create a new department with this name.
5. Role Attribute (required for Create New Users option) – enter the name of the attribute that will contain the name of the role to add the new user to. If Create New Departments/Roles is enabled, and no match is found, Slidebank will create a new role with this name.
6. First Name Attribute (required for Create New Users option) – enter the name of the attribute that will contain the first name of the user.
7. Middle Initial Attribute (optional for Create New Users option) – enter the name of the attribute that will contain the middle initials of the user.
8. Last Name Attribute (required for Create New Users option) – enter the name of the attribute that will contain the last name of the user.
9. Phone Number Attribute (optional for Create New Users option) – enter the name of the attribute that will contain the phone number of the user.
10. Mobile Attribute (optional for Create New Users option) – enter the name of the attribute that will contain the mobile number of the user.
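A pre-flight check for a sample assertion against the prerequisites and SSO Attributes above, as an added example that is not Slidebank code: it confirms the issuer, that a signature element is present, and that the attributes needed for user matching or for Create New Users are supplied. The attribute names in MAPPING and the sample assertion are assumptions, and the check does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Hypothetical attribute names; use the names entered under SSO Attributes.
MAPPING = {"email": "email", "department": "department", "role": "role",
           "first_name": "firstName", "last_name": "lastName", "admin": "adminLevel"}
ADMIN_VALUES = {"NotAdmin", "Admin", "Super"}  # the three values the guide lists

def preflight(assertion_xml, issuer_name, create_new_users=False, mapping=MAPPING):
    """Return a list of problems; an empty list means the sample fits the settings."""
    root = ET.fromstring(assertion_xml)
    tag = "{%s}Assertion" % NS["saml"]
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no SAML 2.0 Assertion element found"]
    problems = []
    issuer = (assertion.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != issuer_name:
        problems.append(f"issuer {issuer!r} does not match Issuer Name {issuer_name!r}")
    # Presence check only; this does not verify the signature.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion carries no ds:Signature element")
    attrs = {a.get("Name"): [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
             for a in assertion.iterfind(".//saml:Attribute", NS)}
    required = ["email"]  # enough to match an existing user
    if create_new_users:
        required += ["department", "role", "first_name", "last_name"]
    for key in required:
        if not any(attrs.get(mapping[key], [])):
            problems.append(f"missing {key} attribute {mapping[key]!r}")
    admin = attrs.get(mapping["admin"], [])
    if create_new_users and admin and admin[0] not in ADMIN_VALUES:
        problems.append(f"administrator value {admin[0]!r} is not NotAdmin, Admin or Super")
    return problems

def _attr(name, value):
    return f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'

# Constructed sample (not real IdP output): no lastName, invalid administrator value.
SAMPLE = ('<saml:Assertion xmlns:saml="%s" xmlns:ds="%s">'
          '<saml:Issuer>https://idp.example.com/saml</saml:Issuer><ds:Signature/>'
          '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
          % (NS["saml"], NS["ds"], "".join(_attr(n, v) for n, v in [
              ("email", "a.user@example.com"), ("department", "Sales"),
              ("role", "Editor"), ("firstName", "A"), ("adminLevel", "SuperAdmin")])))

if __name__ == "__main__":
    for p in preflight(SAMPLE, "https://idp.example.com/saml", create_new_users=True):
        print("FAIL:", p)
```

Run it on an assertion captured from your own IdP while Debug Mode is on, and review any assertion that would send Admin or Super before enabling Create New Users.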
Updated March 9th, 2021
