Single Sign-On Authentication (SSO) offers a more efficient login process, meaning a single set of credentials can be used to log into several different applications. This is especially useful in case your organization is using multiple applications either on a daily basis or just from time-to-time. With SSO, you have control over the strength of the credentials of your employees and your employees don’t need to remember a set of usernames and passwords.

Socialbakers is fully committed to compliance and the security and protection of our users. That’s why integration with Single Sign-On providers is available for the Socialbakers platform.

 

Compatibility

Socialbakers uses the XML-based Security Assertion Markup Language (SAML) protocol for SSO, meaning that the Socialbakers SSO Authenticator will work with all Identity Provider (IdP) supporting the SAML 2.0 protocol, including Okta, OneLogin, Google, Microsoft Azure, Shibboleth, and many others.

 

Why SSO for Socialbakers:

• Control over the passwords and their strength for the IT department;
• Minimize the possibility of a security breach;
• Easy offboarding;
• No more “Forgotten Password”;
• No need to remember another set of credentials;

 

How to Request Socialbakers SSO

Go to Socialbakers Suite Account Settings → Integrations & API

You can request the integration through the “Integrations & API” page in Settings in your Socialbakers account. Find the SSO Integration and press the Request button - your Account Manager will be automatically notified and will get in touch with you as soon as possible.

Or you can contact your Account Manager directly with the request.

Once SSO is enabled for your account, the integration still needs to be set up! 

 

How to Set up SSO with Socialbakers

This part of the guide will be a bit more technical; your IT department or your IdP administrator will need to be involved in the process.

1. First, you’ll provide us with the name of the SSO provider and let us know what custom sub-domain you would like to use for login. The sub-domain is unique to you and you will need to enter it on the Socialbakers login page.
2. We will create that sub-domain on our side and send you the metadata.
3. Your IT team/IdP admin will use the metadata to configure Socialbakers in your SSO provider and provide us with the SAML metadata to finish the configuration on our side.

There are two set-up processes, depending on whether you’re a new or existing client:

1. If you’re a new Socialbakers client, we can set up the integration from the very beginning, and all Socialbakers users will be SSO-based automatically.
2. If you’re a current client and already have an account with existing users, configured reports, dashboards, etc., then first, we need to set up a new account where the SSO integration can be tested. We would invite a few users to the testing account to confirm the SSO login works as expected. Once the SSO integration is confirmed in the tested account, only then will we migrate the configuration to your existing account.

Please be aware that after switching to SSO, only users that are set up in your company SSO will have access to your Socialbakers account.

 

New login:

After the migration is complete, you can bookmark your new login page e.g https://<custom>.suite.socialbakers.com. Or, if you are used to logging in through the Socialbakers login page, don’t forget to switch to SSO login next time you want to log in.

 

Setting up Socialbakers SSO with different Login Providers

 - Okta

Socialbakers is listed in Okta's Trusted App catalogue, so the integration is straightforward:

1. Open Okta administration
2. Click Add applications under Shortcuts, in the drop-down menu to the right
   
   
3. Socialbakers has a preconfigured integration. Simply search for "Socialbakers" and click Add:
   
   
4. Go to the Subdomain field and type the domain discussed with our support team. Click Done to finalize.

5. On the Sign On tab, click View Setup Instructions
   
   
   
   
6. A new screen will be displayed where you can review the supported features, as shown in the screen below. Then, contact Socialbakers support team, again, and attach the Metadata URL link generated by Okta:
7. Socialbakers will enable the login for you and convert existing users or invite new users via SAML, according to the agreement.

 

- Onelogin

Socialbakers is listed in Onelogin’s Trusted App Catalogue, so the integration is straightforward:

1. Open Onelogin administration
2. Click Add Applications in the top menu
3. Socialbakers has a preconfigured integration, so search for "Socialbakers" and click on it
   
   
   
   
4. Enter your desired Display name - how the app will appear in your administration - and click Save
   
   
5. Now move to the Configuration tab, type in the domain discussed with our support team, and click Save
   
   
   
   
6. Now, move to the SSO tab and ensure the SAML Signature Algorithm is set to SHA-256. Save and click More Actions -> SAML Metadata. An XML file will be downloaded to your PC.
   
   
7. Contact our support team and attach the downloaded XML
8.  Socialbakers will enable the login for you and convert existing users or invite new users via SAML, according to the agreement.

 

- Other Login Providers

There are many other login providers that should be compatible with Socialbakers SSO integration. The only requirement is that they use the SAML 2.0 protocol. The configuration options and attribute names vary from provider to provider, but basically, the setup should be:

If such fields are present in the SAML response, we properly configure and update the user each time it logs in. If missing, the user is visible only by his/her email address - which must be the nameID (unique) identifier of the user.

After you finish the configuration on your side, we need three details to proceed with the configuration from our end:

• The subdomain you prefer to run your Socialbakers Suite on.
• Service URL (sometimes called SSO Entrypoint)
• Public X.509 Certificate of the SSO integration to verify the incoming request is legitimate.

Our support team will guide you on the requirements from your end to complete the integration set up.

 

Users

Each user has to be defined by an Identifier (nameId), which must be the company email (email set on the IdP). It is crucial that all users have the right Identifier filled in Socialbakers Suite so they are recognized when attempting to log in via their SSO provider. Otherwise, access is denied.

If a user has its access permitted on the SSO IdP side, but doesn’t have the access set up in the Socialbakers Suite account, the verification/authentication will fail, and the following error page will be displayed:

- Adding a User
To add a new user, you simply need to invite him/her through Socialbakers Suite. Go to Users → Press Add User.

- Deprovisioning a User
Deprovisioning a user on the IdP side is immediate and will prevent the user from logging in to its Socialbakers Suite Account. However, the user will still be listed as a user in the Socialbakers Suite account until manually removed by a Suite admin.

- Login
The user can log in via https://<company>.account.socialbakers.com, who will then be redirected to the external SSO provider login page for authentication (e.g. https:/<companyname>.onelogin.com/login). If the user is set up properly in the SSO provider and Socialbakers Suite account, he/she will be redirected to the Socialbakers Suite account and will be able to log in successfully.

- Logout
Any user can log out by pressing the Log out button, as shown below:

Note that the user will not be logged out from their SSO, but from Socialbakers Suite only.