Kumospace allows users to integrate OpenID Connect (OIDC), SAML, and OAuth 2.0 protocols for single sign-on (SSO), with a view to increasing security and convenience. This feature is available on our Enterprise plan.
What are OpenID Connect and SAML?
In simple terms, OpenID Connect and SAML are identity layers that allow our clients to verify the identity of their end users based on the authentication of their identity provider (IdP).
What is Single Sign-On?
SSO is an authentication method that allows users to securely access Kumospace using credentials from another system, e.g. their company log-in information.
This is similar to logging in using your Google or Facebook account, as you don’t need to manually create your Kumospace account, or create and remember your password.
Setting up SSO integration in Kumospace
To set up SSO in Kumospace, you can sign up for our Enterprise plan. Book some time to talk to our sales team and we will be happy to help. Check out our Pricing page for more information on our paid plans.
The process is as follows:
- Create a Kumospace account on which you’d like to implement SSO.
- Configure your identity provider to accept authorization requests from Kumospace, using the information below. In turn, we will configure Kumospace to issue authorization requests to your IdP.
- We can then receive users’ credentials from your system. This step depends on your system configuration, but most often, you will be redirected to your sign-in page and prompted to log in. We do not handle your personal password.
- Your log-in system will send a “token” to Kumospace: a signed piece of data that carries identity details, like your name and email.
- Finally, we can log you into Kumospace using the provided credentials.
For OpenID Connect:
Information you need from us:
- Sign in redirect URL: https://kumospace.com/signin-redirect
- Scopes needed: openid profile email
Information we need from you:
- The desired Kumospace URL, e.g. https://www.kumospace.com/Your-Company-Name
- Your OpenID discovery document, e.g. https://…/.well-known/openid-configuration
- Client ID.
- Email domains to allow, typically your work email domain, or a list of domains if you have multiple.
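As an added example (not Kumospace's code), here is a pre-flight check an IdP administrator could run over the discovery document and the email-domain allow-list before sending them over. The host idp.example.com, the sample document and both function names are constructed for illustration, and requiring `email_verified` is an assumption about how strict the domain check should be; how Kumospace enforces the allow-list is not described on this page.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes listed on this page
WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample: a discovery document for a hypothetical IdP.
SAMPLE_URL = "https://idp.example.com" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

def check_discovery(doc_url, doc):
    """Return a list of problems found in an IdP discovery document."""
    problems = []
    issuer = doc.get("issuer", "")
    # OIDC Discovery: the document lives at <issuer>/.well-known/openid-configuration.
    if doc_url != issuer.rstrip("/") + WELL_KNOWN:
        problems.append("issuer does not match the discovery document URL")
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    # scopes_supported is optional in the spec; a gap here means "confirm by hand".
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + " ".join(sorted(missing)))
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("IdP advertises unsigned ID tokens (alg none)")
    return problems

def email_domain_allowed(claims, allowed_domains):
    """Exact-match the email claim's domain against the allow-list."""
    email = claims.get("email", "")
    # Assumption: only IdP-verified addresses count; some IdPs omit email_verified.
    if email.count("@") != 1 or claims.get("email_verified") is not True:
        return False
    domain = email.rsplit("@", 1)[1].lower()
    # Exact comparison, so example.com does not admit example.com.evil.test.
    return domain in {d.lower() for d in allowed_domains}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC))
    print(email_domain_allowed(
        {"email": "ana@example.com", "email_verified": True}, ["example.com"]))
```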
For SAML:
Information you need from us:
- URL: https://www.kumospace.com/__/auth/handler
Information we need from you:
- Identity Provider Entity ID: URI that identifies the identity provider
- Service Provider Entity ID: URI that identifies the service provider
- SSO URL: URL of your provider's sign-in page
- Certificate: Certificate used to validate tokens signed by the identity provider
SSO log in vs Standard log in
Oftentimes, our users will need an SSO sign-in for their company members, and a standard sign-in option for third-party guests to their Kumospace.
Once you’ve set up SSO integration with Kumospace, and you enter your Kumospace URL into your browser, you will be prompted to choose a log-in option – either SSO or a standard Kumospace login.
Click the Sign in with Company OKTA SSO button and you will be redirected to your company log-in page. You can also add ?login=sso to the end of your regular Kumospace URL in your browser to go directly to your company log-in page.
If you wish to log in as a guest, select the Sign in with Kumospace button, and you will be redirected to log in using the standard Kumospace log-in options: your email, Google or Facebook account. Alternatively, you can add ?login=standard to the end of the Kumospace URL to go directly to the standard Kumospace log-in page.