Single Sign-On (SAML 2.0)
With single sign-on, users sign in to Starmind with their company account, so the user base only needs to be updated in one central application. This requires more effort to implement but is better accepted by users. You also don't need to maintain the user base on Starmind, because we can create new users on the fly at first login.
Metadata file
Please reach out to your Solution Architect so that we can provide you with your metadata file for the single sign-on setup. Please also provide us with your metadata file so that we can configure our side accordingly.
Identifier (NameID)
The user is identified by the NameID provided in the SAML assertion. The identifier should be unique and should not change over time. The NameID type should be "Persistent".
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_23995a40-0216-4ad5-a311-6764d28b7696" IssueInstant="2014-10-10T12:57:06.032Z" Version="2.0">
  <Subject>
    <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">60bd7c0b-1118-48ed-8bae-e11b2a2e5921</NameID>
  </Subject>
  ...
</Assertion>
Claims
The complete list of attributes supported by Starmind is below.
Attributes marked as "Used by Starmind's Algorithms" increase the accuracy of Starmind. To get the best out of Starmind, those attributes need to be provided.
Attributes marked as "Required for advanced analytics" allow you to get more insights into the application. We recommend providing those from the beginning.
Name | Example | Description |
---|---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | [email protected] (required) | The email address of the user. |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | John (required) | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Doe (required) | |
gender | m, f, u | The gender of the user: m for male, f for female and u for undefined gender. |
position | Software Developer (Used by Starmind's Algorithms) | The position of the user in the company. E.g. "Software developer". See also the page on job title recommendations. |
department | Engineering (Required for advanced analytics) | The department of the user. |
company | Starmind (Required for advanced analytics) | The company in which the user works. |
location | Zürich (Required for advanced analytics) | The location from where the user works. |
country | ch (Required for advanced analytics) | The country from which the user works. It must be in ISO 3166-1 alpha-2 format. |
employmentStart | (Used by Starmind's Algorithms) | Start date of the employee, e.g. "2000-10-01T00:00:00". |
about | | Write a short sentence about the user, his job description, department or interests. |
Role Management
You can provide the roles within the SAML assertion. This updates the roles of the user on every login. By default, every user has the role user, which allows everyone to access the application, so you don't have to provide the user role in the SAML assertion.
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
  <AttributeValue>communication_admin</AttributeValue>
  <AttributeValue>content_admin</AttributeValue>
  <AttributeValue>settings_admin</AttributeValue>
  <AttributeValue>user_admin</AttributeValue>
  <AttributeValue>user_statistics_admin</AttributeValue>
</Attribute>
Roles
If you want, you can also group some roles in one attribute, e.g. by having a role called "starmind_admin" for all the available admin roles.
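A pre-flight check an IdP administrator could run on a decoded test assertion before go-live, covering the NameID format, the required claims, the country format and the role attribute described above. This is an added example, not Starmind's code: the sample assertion is constructed, and `read_attributes` and `check_assertion` are hypothetical helper names. It inspects content only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + "emailaddress", CLAIMS + "givenname", CLAIMS + "surname"]
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# Constructed sample assertion: values are made up and the signature is omitted.
SAMPLE = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" IssueInstant="2024-01-01T00:00:00Z" Version="2.0">
  <Subject><NameID Format="{PERSISTENT}">60bd7c0b-1118-48ed-8bae-e11b2a2e5921</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="{CLAIMS}emailaddress"><AttributeValue>john.doe@example.com</AttributeValue></Attribute>
    <Attribute Name="{CLAIMS}givenname"><AttributeValue>John</AttributeValue></Attribute>
    <Attribute Name="{CLAIMS}surname"><AttributeValue>Doe</AttributeValue></Attribute>
    <Attribute Name="country"><AttributeValue>ch</AttributeValue></Attribute>
    <Attribute Name="{ROLE}"><AttributeValue>content_admin</AttributeValue><AttributeValue>user_admin</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""

def read_attributes(assertion):
    """Map each Attribute Name to the list of its AttributeValue texts."""
    attrs = {}
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_assertion(xml_text):
    """Return (problems, effective_roles) for one decoded test assertion."""
    assertion = ET.fromstring(xml_text)  # use only on assertions from your own IdP
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is not persistent")
    attrs = read_attributes(assertion)
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append("missing required claim: " + name.rsplit("/", 1)[-1])
    country = (attrs.get("country") or [""])[0]
    if country and not (len(country) == 2 and country.isalpha()):
        problems.append("country is not ISO 3166-1 alpha-2")
    # Assumption: the default "user" role is modelled here by always adding it.
    return problems, sorted(set(attrs.get(ROLE, [])) | {"user"})

if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Because roles are updated on every login, the returned role list is what the account would hold after that login, so review it for unintended admin roles before enabling the IdP mapping.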
Updated 2 months ago