Adding Shibboleth Authentication with SAML2

Adding Shibboleth Authentication with SAML2

For Hosted TechSmith Relay

TechSmith supports single sign-on (SSO) authentication through SAML 2.0. A SAML 2.0 identity provider (IDP) can take many forms, one of which is a Shibboleth indentity provider. Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.


To use Shibboleth to log into a TechSmith service like TechSmith Relay, you will need the following components:

  1. A Shibboleth instance accessible by the TechSmith Identity Web Service.
    • The Issuer will be
    • Your Assertion Consumer URL will be provided prior to the configuration call.
  2. A uniquely specified User ID attribute for each user in the system. This will be necessary for a required User ID Claim Type.
  3. A uniquely specified email address attribute for each user in the system. This will be necessary for a required Email Claim Type.
    • This does not have to be an email address that identifies the end user.
    • This maybe be of the form UNIQUEID@DOMAINNAME.TLD
    • These email addresses get used for system notifications such as nightly email quiz result to the content creator, notifications of new videos to group members, and notifications of new videos to content creators.
    • If the email address used for this claim is not a valid address, please inform TechSmith as we will disable email notifications within the system to your users with the recognition that the above email notifications will not function.
  4. An optional First Name Claim Type.
  5. An optional Last Name Claim Type.
  6. An optional Display Name Claim Type.
    • If a claim type is not included for the Display Name (which is used to show a user-friendly name of the user in the application) than the displayed identity of the user for things like viewing statistics, quiz results, and group memberships will be the email address of the user sans the domain.
      Example: uniqueemail@domain.tld

A conference call with TechSmith personnel is recommended to complete the following steps.

Configuring an Identity Provider with TechSmith

  1. If you don't already have a TechSmith account, create one at
  2. Look for the "Admin" tab at the top of the screen. (This must be enabled for your account by TechSmith personnel.)
  3. Choose SAML2 as your provider type.
  4. Add the relevant information into to the form and click "Save Changes".
  5. Visit your Relay instance and click "Sign In". Confirm that the sign in redirects you to your own login page.
  6. Attempt to login and verify that the information in the system reflects the claims you specified on the Identity Provider Configuration page.

After clicking "Save Changes" you'll see the information you'll need to configure your Identity Provider with TechSmith. The following information will be provided:

  1. Provider Name
  2. Issuer
  3. Assertion Consumer Url

This information and more is also provided in the TechSmith Federation Metadata Document provided here.

Using this information, you should be able to configure a working Shibboleth/SAML2 SSO implementation for TechSmith Relay.