...

To set up SSO with Lead Liaison, you'll need to coordinate with our support team.

Tip

SSO also applies to the Captello mobile app. The app uses device authentication and not usernames and passwords.

Process Summary

Below is a summary of the process:

  1. Add a Dummy Entry: Create a placeholder (dummy) entry for Lead Liaison in your SSO platform (e.g., Okta, Entra, OneLogin, etc.). Once done, provide our support team with the Identity Provider (IdP) metadata associated with this entry.

  2. Metadata Parsing: Our team will extract the EntityID and signing certificates from the IdP metadata you provided.

  3. SP Metadata Creation: We will generate our Service Provider (SP) metadata and send it back to you. You will then need to extract the Assertion Consumer Service (ACS) URL and login URLs from this metadata and input them into your SSO platform.
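Steps 2 and 3 both come down to reading SAML metadata, so here is an added example of that extraction (not Lead Liaison's or Captello's own tooling). The function names, the example.com hosts and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _root(xml_text):
    # Metadata comes from another party: refuse DTD/entity declarations before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("expected a single md:EntityDescriptor")
    return root

def parse_idp_metadata(xml_text):
    """Step 2: EntityID plus SHA-256 fingerprints of the IdP signing certificates."""
    root, prints = _root(xml_text), []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for signing as well.
        if kd.get("use", "signing") == "signing":
            for node in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(node.text.split()))
                prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no signing certificate in IdP metadata")
    return {"entity_id": root.get("entityID"), "signing_cert_sha256": prints}

def parse_sp_metadata(xml_text):
    """Step 3: EntityID plus the (binding, ACS URL) pairs to enter in the SSO platform."""
    root = _root(xml_text)
    acs = [(e.get("Binding"), e.get("Location")) for e in
           root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    # Assertions must only be delivered to an HTTPS endpoint.
    if not acs or any(not (loc or "").startswith("https://") for _, loc in acs):
        raise ValueError("missing or non-HTTPS ACS URL")
    return {"entity_id": root.get("entityID"), "acs": acs}

# Constructed samples: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed-placeholder-der"
IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>%s</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor>
</md:EntityDescriptor>""" % base64.b64encode(SAMPLE_DER).decode()
SP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://sp.example.com/saml"><md:SPSSODescriptor>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  Location="https://sp.example.com/saml/acs" index="0"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
```

Comparing the printed fingerprint with the one shown in the IdP's admin console confirms that the metadata file was not altered in transit.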

SSO Account Options

Once you have SSO set up and validated, you have a handful of options in your account settings. You can get there by clicking the gear in the top right (Setup), followed by Settings under the Account section of the Setup menu.

...

Once Account Settings is open, you should see a grouping for Account, which contains many settings for password enforcement, login page setup and general account defaults.

The options here that are useful for SSO are:

Allow login with Google - If you are using SAML-based SSO, you can turn this option off, as you do not need the Sign In with Google button on your login page.

Allow reset password - You can turn this off if you want your system to be SSO logins only. Because authentication is handled by your system, users do not need passwords on our side, which makes password reset redundant. If you wish to allow password resets as a break-glass option, you can add a security group whose members are still allowed to use passwords. Members of that group must visit https://app.captello.com to sign in and/or reset their password instead of using your usual sign-in portal link.

Allow login form - As with reset password, if you are SSO only you can turn this off so people cannot sign in with a username and password. It provides the option of setting up a break-glass security group and, as with reset password, members of that group who need to sign in with a login and password must do so from https://app.captello.com.

Allow SSO - This should already be turned on if you have finished SSO setup with us. However, if you ever need to turn off the SSO capabilities, you can toggle the link for signing in with SSO off here.

There is a second group for SSO-specific options:

Enable Single Sign-On - This turns on or off the ability to sign into our system using the configured SSO.

Automatically create new users if they do not exist - If this is toggled on, we will automatically create a new user in our system for anyone who has passed SSO authentication but does not yet have a user in our system.

User Type - Lets you specify the type of user for automatically created accounts. The options are Standard (website), Exhibitor (an exhibitor portal user), or Capture Portal (a user who can view only transcriptions for translations).

Security Profile - Lets you set which security profile the automatically created users will have by default.

Authentication Settings for Mobile

From 'Setup > Events > Capture':

...

The following settings are available for the mobile app SSO:

  • Enable sign-in with an Auth Code: Disable this option to prevent users from signing in without SSO.

  • Enable using the "Forgot Auth Code" option in the mobile app.

  • Enable SSO login to the mobile app.

...