Getting started with Krisp SSO

Who can use this feature?

Plan: Enterprise (only admins)
Platform: Web
Managed from: Admin Portal

  Info

If you are interested in having SSO option activated for your Krisp team account, contact your Account Executive.

 

Overview

Single sign-on allows you to log in to Krisp using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.

Krisp acts as the Service Provider (SP) and offers automatic user provisioning. The team member doesn't need to register on Krisp preliminarily. Once Krisp receives a SAML response from the Identity Provider (IdP), it checks if a user with the received email address is already present in the Krisp team account. If the user does not exist, Krisp creates a user automatically with that email and assigns it to an available unassigned seat in the team. If there is no unassigned seat in the team account at the time of the first sign-in of the user, the sign-in attempt will be rejected.

Since Krisp implements the generic SAML protocol, it is compatible with a wide range of Identity provider services such as Okta, Microsoft Azure, and any other service that is compatible with SAML 2.0.

 

General instructions for the admins

To start the SSO setup, you need to first have it activated for your team account. Once it's activated, follow the steps below:

  1. Go to your Admin Portal on account.krisp.ai.
  2. Go to the Authentication section from the Security tab.
  3. Enable SSO.

    ss1.png

If you check the Enforce SSO checkbox, your team members will have SSO as the only option to get inside their accounts. Check this article for more information about Enforce SSO option.

To have the SSO for your account:

  1. Configure your IdP to send the email address of your team member to Krisp as an identifier for the account.
  2. In your Admin Dashboard, where the SSO is enabled, click on SAML and enter the information from your IdP in the Configure SAML panel.

    saml1.png

  3. Here is the information from the IdP that should be filled in the Configure SAML panel of the Krisp Admin Dashboard:
    • Audience URI
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X-509 certificate

    Once all the information is entered, click Configure.

    azure.png

Now you and your team members can sign in with SSO using your team slug and the company credentials for the IdP.

  Info

Your team slug will match your company domain name if you use your company email and if that slug is not being used by another team. Otherwise, it will be generated randomly.

All the team members can also sign in with your company email since the company domain will be automatically detected. Check this article for more information.

You can configure Krisp SSO to work with any SSO provider. Check how the configuration should be done with Okta, Azure, and GSuite.

Change SSO slug after installation

To gain further insights into the process of deploying Krisp for SSO-enabled teams, check out this article.

As an admin, you can always change the SSO slug after installation using one of those options:

  • Change from JSON body
    Open key.config file in the ProgramFiles/Krisp folder and change the sso_slug property in the JSON body.
  • Change via repair msi action using a different sso_slug
    For that, run the same MSI installer with the new slug as a parameter. It will override the sso_slug value in key.config.
  • Change during the update
    When installing the new version, you can mention a new sso_slug value in the installer parameter and the value will be overridden during the update.

Have more questions? Submit a request

Was this article helpful?
26 out of 35 found this helpful