Guide to SAML SSO

Guide to SAML SSO

Single Sign On (SSO) allows users to log into many applications or websites using an identity provider. Security Assertion Markup Language (SAML) is a security standard for managing authentication and access.

In a SAML SSO set up, the identity provider manages the organisation's user accounts and credentials. The service provider (Landchecker) is the app or website that provides services to the user or organisation.

When using SAML SSO, members log in to their Landchecker organisation using the organisation's identity provider.

How SAML SSO works:

Member attempts to log in to Landchecker via SAML SSO

Landchecker sends a SAML request to the identity provider

The identity provider checks this member's credentials

The identity provider sends a response to Landchecker to verify the member's identity

Landchecker accepts the response and logs the member into their Landchecker account

Set up SAML SSO

The process for configuring SAML will depend on your specific identity provider. We've outlined the general process for implementing SAML SSO below.

SAML SSO only applies to members of a Landchecker organization. Guests can log in via Google SSO or their email and unique password, regardless of an organization's SAML SSO settings.

1. Add Landchecker to your identity provider

When you add Landchecker to your identity provider, they will provide you with a Metadata URL or XML file. This is an XML link that Landchecker uses to connect to your identity provider and authenticate users when they login.

1.1 Click the Business Account Setting link from the profile menu.

1.2 Head over to the MY TEAM page and scroll down to the Login and Provisioning section. Click the CONNECT SAML SSO button and copy and paste the Landchecker ACS URL - keep this page with the open for step 2

1.3 Head over to your identity provider to connect Landchecker you will need to paste the Landchecker ACS URL and map the following attributes

Given Name

Family Name

Email

1.4 Copy the identity provider XML URL OR download the identity provider XML file.

2. Turn on SAML SSO in Landchecker

Next, you'll need to set up SAML SSO in Landchecker. This will:

Turn on SAML SSO for your organisation

Connect your identity provider to your Landchecker account

2.1 Head back to the MY TEAM page you have open2.2 Paste or upload the identity provider XML2.3 Check whether you want members who sign up via SAML to be automatically added to your Business Account.2.4 Click SAVE

4. Let your users know about the change

To make sure users don't mistake the email for spam or a phishing attempt, you may wish to let them know about this extra step in advance.