Configuring SSO on Together

First, if you do not have access to Together as an admin already, you will need to be invited as an IT Admin. The main admin building and operating your program on Together will be able to invite all IT team members from within the Integrations page.

  • For more information on how your admin team can invite you, please refer to the steps outlined here: How to Invite an IT Admin

SAML Attributes

The following SAML attributes are supported by the Together SAML integration

Instructions SAML Attribute Description
Optional http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname User's first name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname User's last name
Required http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress User's Email
NameID User's Identifier (Employee ID or Email

The NameID assertion format in your configuration should be employee ID when possible. If that is not possible, the email address can be used instead. 

  • Beginning Set Up:

Once you have been invited as an IT Admin and have signed into Together, you can make your way to the Integrations page found here. This can be found under SettingsIntegrations:

integ_page.png

From the Integrations page, you can click on the Set Up button beside the SSO integration:

SSO_setup.png

  • Select Sign-in Method:

Setting up the SSO integration in Together is simple, first, you start by selecting your sign-in method, in this case, we will be selecting SAML:

select_saml.png

Once you select your sign-in method, you will also see an option to enter an Integration Owner. You may enter an email to be notified in case the integration/connection fails at any point.

After filling out an integration owner, click the Save & Continue button:

enter_integ_owner.png

  • Adding Your Metadata:

Now you will move on to the second step of the integration: entering your Identity Provider's metadata. To do so, simply paste the metadata in the text box near the bottom of the window and the rest will be automatically parsed for you:

paste_metadata.png

Note: if you need to add multiple Identity Providers, you can do so by clicking the Add Another Identity Provider button and then pasting your second IDP's metadata in the corresponding text box.

Important: Please enter the full URL in the attribute value field of your IdP when configuring custom attributes for givenname and surname. It will not work if only the variable names givenname and surname are entered in the value field.

After pasting in your metadata, double-check to make sure each of the fields looks correct. Once you have confirmed these are correct, be sure to click the Save & Continue button near the bottom to continue on to test signing in through your SSO:

entered_metadata.png

  • Testing SSO:

After you have saved your Identity Providers metadata, you will be prompted to our Testing flow. Please read through the instructions carefully on this window, and when you're ready, click the Test button to verify you can successfully authenticate via SSO. 

Clicking the Test button will run you through a sign-in attempt via your new SSO configuration, and return you back to Together if it is successful.

test_setup.png

  • Finish Setup:

Now that you have finished configuring and testing your new SSO setup, you will see one final page asking you to confirm a few things, namely, that you have assigned all your relevant users the proper permissions in order to be able to log into Together via your SSO.

Once you have read this page, you can confirm with the checkbox near the bottom and click the Finish button to finalize the SSO integration:

finish_sso.png

  • Enable SSO:

By default, once you finish the configuration, SSO will be disabled by default until you or your admin team turns it on from the Integrations Page. If you're ready to enable this right after finishing the setup, you can toggle it on immediately, or you can wait until your admin team is ready. In either case, the configuration steps will be saved and can be enabled with the toggle switch at any time:

toggle_SSO_on.png

Note:

  • We currently only support SHA256 hashing at this time, not SHA512.
  • We support multiple organizations on Together using the same identity provider. However, please note that Just-in-Time provisioning (JIT) is not supported via identity provider-initiated logins. For organizations that share one identity provider, please prompt users to begin signing in from your organization-specific link that can be found under Settings > General > Copy Link to Platform.
  • If your team has configured a Microsoft O365 calendar/video integration with Together already, you still must create a new enterprise application for your SSO configuration. Configuring SSO cannot be done within the same application approved for the O365 calendar/video integration.
  • We support staging environments for testing. Please submit a request here to request access to our staging environment.

 

Have more questions? Submit a request here and let us know how we can help!

Share

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.