2) Share your metadata certificate with us.
Once these steps are complete and both parties have configured connections, contact support to provision a test user and try the sign-on challenge end to end.
Create a new enterprise application connection:
Our metadata and entity ID are the same string: https://api.togetherplatform.com/mentoring/authorize/saml/metadata.xml
Most identity provider clients should parse this XML file and fill out most of the configuration for you. If not, ensure the EntityID is the URL above, and that our certificate is entered.
The following SAML attributes are supported by the Together SAML integration
|Optional||http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname||User's first name|
|http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname||User's last name|
|NameID||User's Identifier (Employee Id or Email)|
The NameID assertion format in your configuration should be employee ID when possible. If that is not possible, the email address can be used instead.
Setting up Just-In-Time user provisioning with Single Sign On with SAML 2.0:
Just in time user provisioning is enabled by default. If you would like to leverage just in time user provisioning, make sure you provide the optional surname and givenname SAML attributes in your assertion.
Share your metadata and certificates with us:
- We currently only support SHA256 hashing at this time, not SHA512.
- If your team has configured a Microsoft O365 calendar/video integration with Together already, you still must create a new enterprise application for your SSO configuration. Configuring SSO cannot be done within the same application approved for the O365 calendar/video integration.
- We support staging environments for testing. Please contact firstname.lastname@example.org for more information.