Single Sign-On (SAML 2.0)

With single sign-on, users sign in to Starmind with their company account, and the user base only needs to be updated in one central application. This requires more effort to implement but is better accepted by users. You also don't need to maintain the user base on Starmind, as we can create new users on the fly at their first login.

Metadata file

Please reach out to your Solution Architect so that we can provide you with your metadata file for the single sign-on setup. Please provide us with your metadata file so that we can configure our side accordingly.

Identifier (NameID)

The user will be identified by the "nameid" provided in the SAML assertion. The identifier should be unique and not change over time.

<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_23995a40-0216-4ad5-a311-6764d28b7696" IssueInstant="2014-10-10T12:57:06.032Z" Version="2.0">
	<Subject>
		<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">60bd7c0b-1118-48ed-8bae-e11b2a2e5921</NameID>
	</Subject>
	...
</Assertion>

Claims

The complete list of attributes supported by Starmind is below.

Attributes marked as Used by Starminds Algorithms will increase the accuracy of Starmind. To get the best out of Starmind those attributes need to be provided.

Attributes marked as Required for advanced analytics will allow you to get more insights into the application. We recommend providing those from the beginning.

| Name | Example | Description |
| --- | --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | [email protected] (required) | The email address of the user. |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | John (required) | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Doe (required) | |
| gender | m, f, u | The gender of the user. m for male, f for female and u for undefined gender. |
| position | Software Developer (Used by Starminds Algorithms) | The position of the user in the company. E.g. "Software developer". See also the page on job title recommendations. |
| department | Engineering (Required for advanced analytics) | The department of the user. |
| company | Starmind (Required for advanced analytics) | The company in which the user works. |
| location | Zürich (Required for advanced analytics) | The location from where the user works. |
| country | ch (Required for advanced analytics) | The country from which the user works. It needs to be an ISO 3166-1 alpha-2 format. |
| employmentStart | (Used by Starminds Algorithms) | Start date of the employee "2000-10-01T00:00:00". |
| about | | Write a short sentence about the user, his job description department or interests. |

Role Management

You can provide the roles within the SAML assertion. This will update the roles of the user on every login. By default, every user has the role user. This allows everyone to access the application. This means you don't have to provide the user role in the SAML assertion.

<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
	<AttributeValue>communication_admin</AttributeValue>
	<AttributeValue>content_admin</AttributeValue>
	<AttributeValue>settings_admin</AttributeValue>
	<AttributeValue>user_admin</AttributeValue>
	<AttributeValue>user_statistics_admin</AttributeValue>
</Attribute>

Roles

If you want, you can also group several roles in one attribute, e.g. a single role called "starmind_admin" that stands for all the available admin roles.
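
Before handing over your metadata, it helps to check a test assertion from your own IdP against the NameID, claim and role rules described above. The following is an added example, not Starmind's code: the function name check_assertion, the SAMPLE assertion and the decision to flag non-persistent NameID formats are assumptions made here. It does not verify the XML signature, so it is a configuration check only and must never be used to accept a login.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("emailaddress", "givenname", "surname")

def check_assertion(xml_text):
    """Return (name_id, claims, roles, problems); the signature is NOT verified."""
    root = ET.fromstring(xml_text)  # only feed it assertions from your own test IdP
    problems, claims, roles = [], {}, {"user"}  # every user has the role "user"
    node = root.find(".//s:Subject/s:NameID", NS)
    name_id = (node.text or "").strip() if node is not None else ""
    if not name_id:
        problems.append("NameID missing")
    elif node.get("Format") != PERSISTENT:
        # Assumption: the page's sample uses the persistent format; flag others for review.
        problems.append("NameID format is not persistent")
    for attr in root.iterfind(".//s:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("s:AttributeValue", NS) if v.text and v.text.strip()]
        if attr.get("Name") == ROLE:
            roles.update(values)
        elif values:
            claims[attr.get("Name", "").removeprefix(CLAIMS)] = values[0]
    problems += [f"required claim missing: {n}" for n in REQUIRED if n not in claims]
    if "gender" in claims and claims["gender"] not in ("m", "f", "u"):
        problems.append("gender must be m, f or u")
    if "country" in claims and not re.fullmatch(r"[A-Za-z]{2}", claims["country"]):
        problems.append("country is not ISO 3166-1 alpha-2")
    if "employmentStart" in claims:
        try:
            datetime.strptime(claims["employmentStart"], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            problems.append("employmentStart is not like 2000-10-01T00:00:00")
    return name_id, claims, roles, problems

# Constructed sample: surname is absent and country is not a two-letter code.
SAMPLE = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <Subject><NameID Format="{PERSISTENT}">constructed-id-0001</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="{CLAIMS}emailaddress"><AttributeValue>jdoe@example.com</AttributeValue></Attribute>
    <Attribute Name="{CLAIMS}givenname"><AttributeValue>John</AttributeValue></Attribute>
    <Attribute Name="country"><AttributeValue>CHE</AttributeValue></Attribute>
    <Attribute Name="{ROLE}"><AttributeValue>content_admin</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""
```

Calling check_assertion(SAMPLE) returns the NameID, the claims keyed by their short names, the role set including the default user role, and a list of problems to fix in the IdP's claim mapping.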

