Enabling single sign-on with TechSmith Relay for your organization involves several steps. This process ensures that any users who try to access your instance of TechSmith Relay are sent to your organization’s sign-on system for authentication. This provides a familiar login workflow for users and allows accounts to be managed in a central location within your organization. The TechSmith implementation allows for just-in-time provisioning of users, where an account is only created when the user attempts to sign in.
Note: The TechSmith implementation of SSO requires an email address under your controlled domain to be provided (e.g. firstname.lastname@example.org).
During conversations with our sales or customer success teams, you can let us know you'd like to set up Single Sign-on (SSO) for your Relay site. To get started we will need the email address of your single sign-on administrator. We will then work with our teams to get the initial configuration set up on our end, and TechSmith will provide you:
- An instance-specific Assertion Consumer URL
- The issuer URL
- Next steps documentation (included below)
Your organization will need to take the following steps in order to enable, and configure, the SSO process with TechSmith. There are many different identity provider (IdP) systems available on the market, so the exact steps to take vary. Ultimately, TechSmith requires certain pieces of information from your company to move forward with configuration.
Within your IdP please identify, and provide TechSmith with, the following information (* indicates a required field):
- Sign In Endpoint* – where we send users who attempt signing in
- Sign Out Endpoint* – where we send users to sign out
- Issuer* – the domain name that signs the SAML response
- Signing Certificate in PEM format* – public key for the signing certificate; this must also be included in the SAML responses
- Email Claim Type* – claim type representing the user’s domain email address
- User ID Claim Type* – claim type representing a unique and unchanging user value within your directory
- First Name Claim Type – optional – claim type representing the first name of the user
- Last Name Claim Type – optional – claim type representing the last name of the user
- Display Name Claim Type – optional – claim type representing the display name for the user
- Associated Domains* – list of domains you control and would like to have access to the system
Claim types vary depending on what system is being used: a claim type might be an xmlsoap schema, a defined name, or a urn:oid format.
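A pre-flight check of the values listed above before they are handed over, as an added example (not TechSmith's code). The field names, helper functions and sample values are hypothetical; the PEM check is structural only and runs against a constructed placeholder, not a real certificate.

```python
import base64
import re

REQUIRED = ["sign_in_endpoint", "sign_out_endpoint", "issuer", "signing_cert_pem",
            "email_claim_type", "user_id_claim_type", "associated_domains"]  # hypothetical names

def claim_format(claim):
    """Classify a claim type as one of the three formats the page mentions."""
    patterns = {"xmlsoap": r"http://schemas\.xmlsoap\.org/\S+", "urn:oid": r"urn:oid:\d+(\.\d+)+",
                "name": r"[A-Za-z][\w.-]*"}
    return next((k for k, p in patterns.items() if re.fullmatch(p, claim)), "unknown")

def check_pem(pem):
    """Return a problem string, or None when the PEM looks like one intact certificate."""
    if "PRIVATE KEY" in pem:
        return "contains a private key; send only the certificate"
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if len(blocks) != 1:
        return "must hold exactly one CERTIFICATE block"
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:
        return "body is not valid base64"
    # Heuristic: a certificate is a DER SEQUENCE (0x30), normally with a 2-byte length (0x82).
    if len(der) < 4 or der[:2] != b"\x30\x82" or int.from_bytes(der[2:4], "big") + 4 != len(der):
        return "is truncated or not a DER certificate"

def preflight(cfg):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not cfg.get(k)]
    problems += [f"{k} is not in a listed format: {v!r}" for k, v in cfg.items()
                 if k.endswith("_claim_type") and v and claim_format(v) == "unknown"]
    if cfg.get("signing_cert_pem") and (err := check_pem(cfg["signing_cert_pem"])):
        problems.append(f"signing_cert_pem {err}")
    return problems

def sample_pem(der=b"\x30\x82\x01\x0a" + bytes(266)):  # constructed, not a real certificate
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

SAMPLE = {  # constructed values for illustration
    "sign_in_endpoint": "https://idp.example.org/saml/sso",
    "sign_out_endpoint": "https://idp.example.org/saml/slo",
    "issuer": "idp.example.org",
    "signing_cert_pem": sample_pem(),
    "email_claim_type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "user_id_claim_type": "urn:oid:0.9.2342.19200300.100.1.1",
    "associated_domains": ["example.org"],
}
```

`preflight(SAMPLE)` returns an empty list; a pasted private key, a truncated certificate body or a missing required field each produce one entry naming the field.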
After TechSmith has all the needed information, our team will schedule a relatively short call with your configuration team to test the integration and ensure everything is working. In case of an error, we can do some live troubleshooting to see if the issue can be identified and rectified quickly.