Configuring SSO on Together
First, if you do not have access to Together as an admin already, you will need to be invited as an IT Admin. The main admin building and operating your program on Together will be able to invite all IT team members from within the Integrations page.
- For more information on how your admin team can invite you, please refer to the steps outlined here: How to Invite an IT Admin
The following SAML attributes are supported by the Together SAML integration
|Optional||http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname||User's first name|
|http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname||User's last name|
|NameID||User's Identifier (Employee ID or Email|
The NameID assertion format in your configuration should be employee ID when possible. If that is not possible, the email address can be used instead.
Beginning Set Up:
Once you have been invited as an IT Admin and have signed into Together, you can make your way to the Integrations page found here. This can be found under Settings > Integrations:
From the Integrations page, you can click on the Set Up button beside the SSO integration:
Select Sign-in Method:
Setting up the SSO integration in Together is simple, first, you start by selecting your sign-in method, in this case, we will be selecting SAML:
Once you select your sign-in method, you will also see an option to enter an Integration Owner. You may enter an email to be notified in case the integration/connection fails at any point.
After filling out an integration owner, click the Save & Continue button:
Adding Your Metadata:
Now you will move on to the second step of the integration: entering your Identity Provider's metadata. To do so, simply paste the metadata in the text box near the bottom of the window and the rest will be automatically parsed for you:
Note: if you need to add multiple Identity Providers, you can do so by clicking the Add Another Identity Provider button and then pasting your second IDP's metadata in the corresponding text box.
After pasting in your metadata, double-check to make sure each of the fields looks correct. Once you have confirmed these are correct, be sure to click the Save & Continue button near the bottom to continue on to test signing in through your SSO:
After you have saved your Identity Providers metadata, you will be prompted to our Testing flow. Please read through the instructions carefully on this window, and when you're ready, click the Test button to verify you can successfully authenticate via SSO.
Clicking the Test button will run you through a sign-in attempt via your new SSO configuration, and return you back to Together if it is successful.
Now that you have finished configuring and testing your new SSO setup, you will see one final page asking you to confirm a few things, namely, that you have assigned all your relevant users the proper permissions in order to be able to log into Together via your SSO.
Once you have read this page, you can confirm with the checkbox near the bottom and click the Finish button to finalize the SSO integration:
By default, once you finish the configuration, SSO will be disabled by default until you or your admin team turns it on from the Integrations Page. If you're ready to enable this right after finishing the setup, you can toggle it on immediately, or you can wait until your admin team is ready. In either case, the configuration steps will be saved and can be enabled with the toggle switch at any time:
- We currently only support SHA256 hashing at this time, not SHA512.
- We support multiple organizations on Together using the same identity provider. However, please note that Just-in-Time provisioning (JIT) is not supported via identity provider-initiated logins. For organizations that share one identity provider, please prompt users to begin signing in from your organization-specific link that can be found under Settings > General > Copy Link to Platform.
- If your team has configured a Microsoft O365 calendar/video integration with Together already, you still must create a new enterprise application for your SSO configuration. Configuring SSO cannot be done within the same application approved for the O365 calendar/video integration.
- We support staging environments for testing. Please submit a request here to request access to our staging environment.
Have more questions? Submit a request here and let us know how we can help!