Configuring Digital Pigeon to authenticate with your SAML Identify Provider is relatively straight forward and should only take a few minutes. Once configured, Digital Pigeon will automatically provision and authenticate users using your Identify Provider (IdP).
Note that Digital Pigeon will automatically provision new users the first time they log in with the configured permission level. To automatically provision new users, they must first log in via IdP initiated sign-in, then they can use Service Provider initiated sign-in. Note however that we don't remove users, so Digital Pigeon admins are advised to review the user list periodically to remove stale users.
If you run into any issues please contact Digital Pigeon at help@digitalpigeon.com for assistance. If you are on a trial you may not be able to set up SSO, if that is the case for you please contact the team as well.
IdP Specific Guides
The instructions that follow are generic and should work for any SAML-compatible IdP. However, as the SSO terminology and configuration methods vary between IdP platforms, we have made specific configuration guides for the following platforms that we recommend you refer to if they are relevant:
Required Information
Before you start you'll need the following information from your Identify Provider;
- IDP Entity Id (e.g. https://accounts.google.com/o/saml2?idpid=ABC123)
- IDP Metadata XML (File or URL)
Configuring Digital Pigeon
- Log into Digital Pigeon as the account 'Owner'
- Navigate to 'Manage' | 'SSO'
- Enter the required information collected above and choose a default role you'd like applied to new users
- Click 'Save'
Configure your Identify Provider
Instructions for configuring your Identity Provider change a lot depending on the provider (e.g. Google G-Suite) you're using. We recommend using our guides above to configure your IdP, but generally, the information they require is listed below. Note: these are just examples - the actual URLs you need can be found in the Digital Pigeon | 'Manage' | 'SSO' page
| ACS URL | https://digitalpigeon.com/login/saml2/sso/<abc123> |
| Entity ID | https://digitalpigeon.com/saml2/service-provider-metadata/<abc123> |
| Start URL | https://digitalpigeon.com/app OR <blank> |
| Metadata URL | https://digitalpigeon.com/saml2/service-provider-metadata/<abc123> |
Controlling Digital Pigeon user permissions using your IdP
All users in Digital Pigeon are assigned one of four permission levels. When SSO is enabled, you can control these permission using your IdP by passing the 'role' assertion and setting it to one of the following:
- Digital Pigeon User
- Digital Pigeon Power User
- Digital Pigeon Admin
Techniques to send this role assertion vary - please see the guides above for examples.
Note that you can't modify an Owner's permission - this must be set within the Digital Pigeon application.
Accessing Digital Pigeon if SSO is not working
If SSO is not working correctly (maybe there is a problem with your IdP, or you made a mistake setting the values above), then users with the Owner role can still log in to Digital Pigeon using the following link:
https://digitalpigeon.com/login?samlBypass=true
Comments
0 comments
Article is closed for comments.