SiteSpect’s Single Sign-On (SSO) provides a single point of authentication through your Identity Provider (IdP). To implement this feature, SiteSpect supports Active Directory using SAML. SiteSpect integrates with your SAML IdP using Okta. You can manage SiteSpect credentials and permissions within your IdP; once established there, your employees can use their corporate credentials to sign into SiteSpect. In SiteSpect, you must specify whether a user is set up to log in with a Single Sign-On or a SiteSpect Sign-On; users can use only the login method that has been selected for their account. Contact the SiteSpect Help Desk to enable SSO for your account and your users.
Setup Steps
- Set SiteSpect permissions for SSO accounts in the IdP using group memberships as described below. Once your IdP is configured, new SiteSpect users configured in your IdP automatically have SiteSpect accounts created when they log in.
- For existing SiteSpect accounts, after setting up the integration with your IdP, SiteSpect can update the Enable Single Sign-On setting individually or in bulk, identified by email address.
Identity Provider (IdP) Configuration
We’ll need the following information from you to set up single sign-on:
- IdP Issuer URI (eg: http://example.com/adfs/services/trust)
- IdP Single Sign-On URL (eg: https://example.com/adfs/ls)
- IdP Signature Certificate
SiteSpect uses Okta to manage single sign-on. We enter the above data in Okta and then provide a metadata file which you can use to configure the Relying Party Trust.
Our SAML integration provider does not support Single Sign-Out, so we recommend that you select the Users are required to provide credentials each time at sign in option on the Relying Party Trust Authentication Policy to ensure that credentials are not cached unexpectedly.
Outgoing Claims
We require the following claims from the Relying Party Trust:
- firstName
- lastName
- NameID sent in "Email" format
We accept the following Group Claims:
For each Site ID:
- SiteSpect <SiteID> Campaign Administrator
- SiteSpect <SiteID> Campaign Auditor
- SiteSpect <SiteID> Campaign Associate
- SiteSpect <SiteID> Campaign Compliance
- SiteSpect <SiteID> Campaign Manager
- SiteSpect <SiteID> Campaign Builder
Admin User permissions:
- SiteSpect Manage SSL
- SiteSpect SSL Key Uploader
- SiteSpect Manage Site
- SiteSpect Manage Users
- All sites permissions (optional):
- SiteSpect All Campaign Administrator
- SiteSpect All Campaign Auditor
- SiteSpect All Campaign Associate
- SiteSpect All Campaign Compliance
- SiteSpect All Campaign Manager
- SiteSpect All Campaign Builder