SSO setup - Other IdPs (SAML2.0)

Splashtop now supports logging in to your Gateway and the Splashtop On-Prem app with credentials from a SAML 2.0 identity provider (IdP), such as Azure AD, Okta, OneLogin, or JumpCloud.

For other IdPs, you can still set it up as an "Others" IdP from your Gateway by following the instructions below.

Create a custom app from your IdP console

Depending on which IdP you are using, follow your IdP's instructions to create a custom app. Here are some reference articles:

G Suite: https://support.google.com/a/answer/6087519?hl=en

PortalGuard: https://bio-key.atlassian.net/servicedesk/customer/portal/1/topic/40b6f1e1-bc5e-4d74-8b1e-73abb973d36a/article/275808295

Required configuration information

Option 1: Import the Service Provider Metadata file

  • Service Provider Metadata: Download the Service Provider Metadata in Add SSO Method from your Gateway.

Option 2: Manually configure these configurations/attributes

  • Identifier (Entity ID): onpremise.splashtop.com (Copy Entity ID in Add SSO Method from your Gateway).
  • Reply URL (Assertion Consumer Service URL): https://[Gateway Address]/api/saml/acs (Copy Assertion consumer service URL in Add SSO Method from your Gateway).
  • Metadata requirement:
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • Set SSO Response to "signed"
  • Set SSO Assertion to "unsigned"

Add users to your created app

Depending on which IdP you are using, invite the user or group to the custom app created above. Here is a reference article:

G Suite: https://support.google.com/a/answer/6087519?hl=en

Create an SSO method from your Gateway

1. Go to your Gateway/management/Team Settings/Authentication/Single Sign-On tab and click Add SSO method.

2. Select Others as the IdP type.

3. Fill in the required fields, then click Save.

Note

Please ensure that the user's email address is used as the unique identifier under Attribute Settings in your IdP.
