This guide provides an overview of Shiftboard's SAML2 configurations for Single Sign-on.
Shiftboard has pre-configured SAML2 Single Sign-on settings for Okta and OneLogin, but can support other identity providers as well.
The SAML2 settings can be found by navigating to General Settings, and clicking the “SAML2 Authentication Settings” link about halfway down the page. A small window will pop-up with the relevant settings. Due to a bug, you will need to open this in a new tab, rather than as a pop-up. The configurations will only save if opened in a new tab.
-If they are using Okta or OneLogin the client will need us to send the Organization ID displayed at the top of the window. They will also need to add Shiftboard as an app to their Okta/OneLogin site, we are an approved vendor in both systems so they should be able to find us by simply searching for “Shiftboard.” For other providers, they will need to know the full URL to initiate authentication “https://www.shiftboard.com/login/saml2/THEIRORGID”
-“Enable SAML2 authentication” should be checked to turn on the tool. This can be left un-checked if the client wants to wait to go live.
-“Enable Just In Time Provisioning” allows accounts to be created through SSO. If this is not checked, someone will not be able to use SSO unless they already have an account in the site.
-Attribute Mapping is a dropdown that allows you to select between Okta, OneLogin, and ‘Custom,’ depending on which identity provider is being used. If the custom attribute mapping is selected, you will also need to enter the attribute names for first name, last name, and email. Generally the client will need to tell us the attribute name that maps to each of those fields.
-Finally, the client will need to provide an IdP Metadata file. The maps SSO login credentials to accounts in Shiftboard. See the corresponding screenshots for how to get the metadata from Okta and OneLogin. Other identity providers will likely have different UIs, but we expect the client to have an IT resource familiar with their SSO vendor.