Enabling SAML Single Sign-On

SAML Single Sign-On (SSO) is a mechanism that uses SAML to let users log in to multiple web applications after logging in once to the identity provider. Because the user only has to log in once, SAML SSO provides a faster, seamless user experience. Okta, OneLogin, and Auth0 are the main SAML SSO providers.

SAML SSO is easy to use and, from a user perspective, more secure, as users only need to remember one set of credentials. It also provides fast and seamless access to a site, because the applications they access do not each prompt for a username and password. Instead, the user logs into the identity provider and then accesses the relevant web application by clicking on its icon or navigating to the site via its URL.

SAML SSO Flow

Once this option is enabled in your community, users will be able to log into the community without the need to manually create an account or insert a username and password. Users will see the options on the community login page to log in/sign-up via their credentials on SAML SSO providers. You can change this login button text or hide it from the community log-in page.

Create new staff: In the SAML SSO settings, if the "Create new staff" toggle is enabled, as soon as a user clicks on login/sign-up via the option enabled by SAML, Bettermode will create a staff account for the user in the community if the user does not already exist in the community. These staff accounts can get an Admin or Moderator role later (How to assign roles). If this toggle is disabled, Bettermode will throw an error and won't create an account for the user. This way, you will make sure that only your staff will be able to register with the community using the SAML option.

Login button text: Let's say that you are using Okta (SAML provider) for your admin/staff login only. In that case, you might not want all the community users to see the staff login option on the community login page. To hide this option, simply leave the "Login button text" empty in the community SAML SSO settings. Your staff can then log in to their Okta account and log in to the community from there, along with all other apps that they have access to via Okta.

How to set up SAML SSO in my Bettermode community

  • Log in to the community using your admin account.

  • Navigate to the Administration > Settings > Authentication > enable SAML toggle.

  • From the SAML settings page, fill out the required credentials.

  • Turn on the "Enable SAML" toggle from the bottom of the page and click on the "Update" button to save the changes.

SAML SSO Settings

  • Identity provider single sign-on URL

  • Identity provider issuer/entity ID

  • X.509 certificate
    The above credentials should be copied from your SSO provider. For example, if your SSO provider is Okta, you need to log in to your admin account on Okta and copy this information from there. Each SSO provider has instructions on where to find these credentials.

  • Create new staff: If the authenticated SAML user is not a community member, create a new staff member for them automatically.

  • Login button text: Show the SAML authentication button in the log-in and sign-up page with this text. Leave it empty if you don't want the button to be publicly available.

  • Service provider (SP) details:

    • Single sign-on URL: Use this value for "Single sign-on URL", "Recipient URL", and "Destination URL" in your SAML provider.

    • Audience restriction: Enter this value in your SAML provider if it requires audience restriction.
