Sketchboard supports Single Sign-On (SSO) using Security Assertion Markup Language (SAML).
Officially Sketchboard supports Okta and Auth0 SSO/SAML, which means that Okta SSO/SAML configuration is documented and tested. Auth0 SSO/SAML configuration documentation. Let us know if you want to get support for other identity providers (IDP)!
You can add SSO SAML configuration when you have an organization subscription on Sketchboard, about Sketchboard organization.
Okta SAML Settings
- Sign in on Okta with your Okta admin account.
- Go to Applications, add Add Application and Create New App.
- Select Web and SAML 2.0 from the Create a New Application Integration dialog.
- Type Sketchboard on General Settings, and add Sketchboard logo.
To fill SAML Settings for Sketchboard on Okta, open Sketchboard for the configuration information.
Sketchboard SAML Settings
- Open Sketchboard as an Organization admin/primary owner. From the Dashboard menu
Menu > Security > Configure SSO
- Enable SSO/SAML and Sketchboard creates a unique Single Sign on URL and Audience URI to be used on Okta SAML settings.
- Copy Sketchboard SAML settings to Okta.
- Download Sketchboard encryption certificate.
Fill Okta SAML Settings
- Paste copied SAML values
- Single Sign on URL
- Audience URI
- Update Name ID format to EmailAddress
- Click Show Advanced Settings
- Set Assertion Encryption to Encrypted
- Upload Encryption Certificate that you downloaded earlier from Sketchboard
- Specify Attribute Statements
- Set Email as user.email
- FirstName as user.firstName
- LastName as user.lastName
Note, Email needs to match with Name ID. Attributes are copied to Sketchboard when user signs up using SSO.
- Select I’m an Okta customer adding an internal app
- This is an internal app that we have created
Okta Sign-On Settings
Once you have created Sketchboard SAML app, copy Okta sign-on settings to Sketchboard by clicking Sign On tab on Okta.
- Click View Setup Instructions
|Copy from Okta||To Sketchboard|
|Identity Provider Single Sign-On URL||SAML Sign-in URL|
|Identity Provider Issuer||Issuer|
|X.509 Certificate||x509 Certificate|
Choose a Sketchboard default team that your Single Sign-On users will automatically join. Optionally you can leave this setting as blank, to allow users to create a new team under your organization when they sign up on Sketchboard.
Change Sign-In type to SSO
Now that you have configured SSO, you need to set sign-in type to SSO for your account. Any new users that sign up on Sketchboard using SSO, sign-in type is by default set to SSO and this step is not required. How to change Sign-in type to SSO.