1. Is this relevant to me?
This is relevant to you if your organization uses, or is interested in using, a SAML-based identity provider such as Microsoft Active Directory, Google Cloud, etc.
2. What is it?
SAML is an open standard used for authentication. SAML single sign-on (SSO) allows you and your team to access Verified using your organization's existing identity provider. This comes with the following benefits:
- Increased security and ease of use: users will rely on the same password and authentication process they are already accustomed to
- Improved user management: instead of having to manage another set of users inside Verified's admin area, your organization's administrators will manage all the users in one place: your organization's user management tool
3. How does it work?
Instead of accessing app.verified.eu and entering your Verified credentials (email and password), users will access a custom URL using your organization's credentials. Let's say you are a member of the "Ryk & Reis" organization. Here is how things would look for you and your colleagues:
Log in with Verified credentials
Log in with the organization's credentials
4. How can I get it?
This feature is available on demand. To enable SAML single sign-on (SSO) for your organization, send a message to our support staff by email at email@example.com.
In order to set up the integration you will need:
- A URL slug: a short text (lowercase characters, digits and "-" only) for your organization that will become part of the new URL (for example ryk-and-reis.verified.eu)
- A technically savvy colleague: someone from your organization who is familiar with your identity provider's solution will need to get in touch with one of our developers in order to set up the integration
Q: How will the process look for our existing users?
Organizations using SAML SSO can be broken down into 2 categories:
- New organizations - those that have just started using Verified and have no envelopes created
- Existing organizations - those that already have users and envelopes in the Verified platform
In the case of existing organizations, the users' data will need to be migrated from their current accounts (accessed via an email and password) to new ones (which will have access to the same documents and settings as before) managed by your organization's identity provider.
To find out more, have a look at our SAML SSO migration article.
Q: Can we use one AD user group to access multiple accounts (departments) in Verified?
Yes, you can. It is possible for one AD group to access multiple accounts (departments) in Verified,
Q: As an administrator of our Verified account, can I still manage users inside the Verified web-app?
No. The SAML integration feature directly aims at externalizing user access management, which will now be handled directly in your user management solution.
6. Potential problems you might run into
While using the SAML integration, you or the members of your organization might run into some known problems. Here is how they can be addressed:
Problem 1: As a user, when I try to access Verified with my organization credentials, the application loops back to the login screen.
Problem 2: When I try to access Verified with my organization credentials, I see the following message "Invalid RelayState provided".
These problems are most likely caused by a configuration error. You will need to notify the person from your technical department who was in charge of setting up the SAML integration and then create a support ticket via email at firstname.lastname@example.org. One of our developers will then get in touch to solve the issue.
Problem 3: When I try to access Verified with my organization credentials, I cannot select any accounts (departments).
Problem 4: When I try to access Verified with my organization credentials, I do not have access to accounts (departments) according to the groups I am part of.
The first thing to do here is make sure that it's not a browser caching issue. In order to do this, please try logging in using the incognito mode.
If the issue still persists when using the incognito mode, then the cause is likely a configuration issue on the identity provider's side. You will need to notify the person from your technical department who was in charge of setting up the SAML integration and ask them to check the following:
- Make sure that the list of group IDs/group names they sent us is correct
- If you are using Azure AD, please also ask them to check the following:
  - The groups that the impaired user is a part of are assigned to the Azure AD application
If the issue still persists, please contact us at email@example.com.