Set Up SSO
Digital Showroom supports Single Sign-On (SSO) with SAML2 identity providers. With SSO enabled, your users can log in to Digital Showroom using their existing corporate credentials, and they are automatically provisioned and assigned to user groups based on their SSO group membership.
How SSO Works in Digital Showroom
Setting up SSO involves three steps:
- You generate a self-service configuration ticket in Digital Showroom.
- Your IT team or identity provider administrator uses the ticket URL to configure the SAML2 connection.
- Once configured, the connection activates and your users can log in via SSO.
After SSO is active, you can map SSO groups to Digital Showroom user groups so that users are automatically placed in the right groups and gain access to the right portfolios.
Generate a Configuration Ticket
- Go to User Management > SSO.
- Click Generate a self-service ticket.
- A configuration URL is generated and displayed on the page.
- Copy the configuration URL by clicking the copy icon next to it, or open it directly in a new tab using the link icon.
- Share the URL with your IT team or identity provider administrator so they can complete the SAML2 setup.
Ticket Lifecycle
Each SSO configuration ticket goes through the following statuses:
| Status | Description |
|---|---|
| Pending | The ticket has been generated and is waiting for your identity provider administrator to complete the configuration. |
| Activated | The SAML2 connection has been set up successfully. Users can now log in via SSO. |
| Expired | The ticket expired before the configuration was completed. Generate a new ticket to try again. |
| Revoked | The ticket was manually cancelled before it was used. |
Once a connection is activated, its details are displayed in the SSO connections table on the SSO page, showing the display name, creation date, and status.
Generate a New Ticket
If you need to reconfigure SSO (for example, to switch identity providers) or if a previous ticket expired, you can generate a new ticket at any time:
- Go to User Management > SSO.
- Click Generate a self-service ticket in the info card at the top of the page.
- Share the new configuration URL with your IT team.
Configure SSO Group Mapping
Once SSO is activated, you can map external SSO groups to Digital Showroom user groups. This ensures that when users log in via SSO, they are automatically added to the appropriate user groups and get access to the corresponding portfolios.
- Go to User Management > SSO.
- Scroll down to the SSO group mapping section.
- For each Digital Showroom user group listed in the table:
- Enter the SSO group code in the input field next to the user group name. This is the group identifier as defined in your identity provider.
- To map multiple SSO groups to a single Digital Showroom user group, click Add group and enter each SSO group code.
- To remove a mapping, click the trash icon next to the SSO group code.
- Click Save to apply the mappings.
Use the search bar above the mapping table to quickly find a specific user group.
How SSO Group Mapping Works
When a user logs in via SSO:
- Digital Showroom reads the user's group membership from the identity provider.
- It matches those SSO groups against the mappings you configured.
- The user is automatically added to the corresponding Digital Showroom user groups.
- The user gains access to all portfolios assigned to those user groups.
This means you do not need to manually invite SSO users or assign them to groups. Their access is determined entirely by their SSO group membership and the mappings you configure.