Who can use this?
Plan: Teams, Enterprise (only admins)
Platform: Web
Managed from: Admin Dashboard
Other: IdP account admin privileges
This article describes how to set up Krisp SSO login with your Identity Provider (IdP). Single sign-on allows you to log in using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.
Check this article to know how you can get started with Krisp SSO.
Krisp SSO Settings
First, go to your Admin Dashboard >>> Settings >>> Authentication. Check the Enable SSO box and click on SAML to open Configure SAML panel. You'll need this info in the further steps. Let's call this Krisp Settings.
Configuring your IdP with a custom app
To configure Krisp with Okta, follow these steps:
- In the Okta dashboard of your organization, go to Applications >>> Applications.
- Click on Create App Integration.
- Select SAML 2.0 as the Sign-on method.
Click Next. - You will be led to the General tab of the Application page. Insert the following information there:
- App name: custom name that your teammates will see when signing in. Ex: Krisp Okta
- App logo: the logo of your company in .png, .jpg, or .gif format that can be visible to your teammates when singing in
Click Next. - You will be led to the SAML Settings page. Insert the following information there:
- Single sign on URL: copy the Reply URL (Assertion Consumer Service URL) from Krisp Settings to this field
- Audience URI: a custom name. Ex: Krisp Okta
- Name ID format: EmailAddress
- Application username: Okta username
Specify the following in the Attribute Statements section:
- name: email
- value: user.email
Copy the Audience URI you set in this step to the Audience URI and Identity Provider Issuer fields of the Krisp Settings.
Come back to the Okta Dashboard, scroll down and click Next. - You will be led to the Feedback window. Pick one of the two options based on your case:
Click Finish - In the Okta Dashboard, you will be led to the Sign on Settings. Click on View setup instructions.
- Copy the Identity Provider Single Sign-On URL to the corresponding field in your Krisp Settings.
- Copy the X.509 certificate text to the corresponding field in your Krisp settings.
- Click Configure in the Krisp Settings. - Go back to your Okta dashboard >>> Assignments tab.
Click on the Assign >>> Assign to People option. Assign those who should be able to log in to your Krisp team with SSO to your application.
Now the assigned email holders will be able to sign in to their Krisp accounts by using the Krisp team slug and authenticating in Okta accounts.
To configure the integration of Krisp into Azure Active Directory, you need to add Krisp to your list of managed SaaS apps. For that, follow these steps:
Creating the custom app
- Log in to Azure dashboard Portal with your admin account on https://portal.azure.com/#home
- Go to Azure services >>> Azure Active Directory.
- Click + Add >>> Enterprise application.
- To add Krisp as an application, click on Create your own application.
- Give it a name (ex: Krisp_app) and click Create.
Assigning users
- Go to Getting Started >>> 1. Assign users and groups
- Click None Selected.
- Choose the existing users you’d like to assign to the application and click Select.
- Click Assign to assign the selected users to the application.
- Go to Set up single sign on.
- Select SAML as the Single sign-on method.
- Edit the "Basic SAML Configuration" box.
- Start filling in the information:
- Identifier (Entity ID): Click Add identifier and copy the "Your team slug" value from Krisp settings to the field.
- Reply URL (Assertion Consumer Service URL): Click Add reply URL and copy the "Reply URL (Assertion Consumer Service URL)" value from Krisp settings to the field.
- Sign on URL (Optional): Copy the "Single Sign On URL" value from Krisp settings to this field.
Save these settings. - Edit the "User Attributes and Claims" box. Do not modify the already existing attributes and claims.
- Click + Add new claim.
- Set the following values for the fields:
- Name: Email
- Source: attribute
- Source attribute: user.mail
Save the changes. - Download the Certificate (Base64) from the "SAML Signing Certificate" box.
- Open the Krisp settings.
- Copy the "Your team slug" value from Krisp settings to the "Audience URI" and "Identity Provider Issuer" fields of Krisp settings.
- Open the downloaded certificate with the text editor and copy it to the "X-509 certificate" of your Krisp settings.
- Copy the "Login URL" value from the "Set up Krisp_app" box of your Azure AD settings to the "Identity Provider Single Sign On URL" field of Krisp settings. - Click Configure in the Krisp settings.
Now the assigned users will be able to log into the Krisp team account through SSO.
- Go to your JumpCloud dashboard >>> SSO.
- Click on the + sign >>> Custom SAML app.
- You will now be on the General Info page.
Add a Display Label for your new application and optionally, add a logo.
Click activate. - You will now be on the SSO page. Complete the following actions:
- IdP Entity ID: copy "Your team slug" value from Krisp settings to this field
- SP Entity ID: copy "Your team slug" value from Krisp settings to this field
- ACS URL: copy the "Reply URL (Assertion Consumer Service URL)" from Krisp Settings to this field
- Login URL: copy the "Single sign on URL" from Krisp Settings to this field
- IDP URL: specify the ending of the URL (ex: krispjumpcloud). Copy the URL to the "Identity provider single sign on URL" field in Krisp Settings
Info
Note that the IdP URL cannot be shared across applications and this URL is not editable after creation. - Stay on the same page in JumpCloud. Scroll down to the Attributes section. Click add attribute. Specify the following values:
- Service Provider Attribute Name: email
- JumpCloudAttribute Name: email
Click activate. - You will get the following notification:
Public Certificate has been created.
Download the certificate from the notification window.
You can also download the certificate by going to the newly created custom app >>> IDP Certificate Valid >>> Download certificate. - Open the downloaded certificate and copy it to the X-509 certificate field in Krisp Settings.
- Copy "Your team slug" value from Krisp settings and copy it to the following fields:
- Audience URI in Krisp Settings
- Identity provider issuer in Krisp Settings
Click Configure. - Go back to the custom app >>> User Groups. Select the user group(s) you want to assign the application to.
Click save.
Now your team members will be able to sign into their Krisp accounts by logging into their JumpCloud accounts using the Krisp team slug.
Follow these steps to configure Krisp SSO with GSuite.
- Go to your GSuite admin account
- Go to the "Apps" section >>> SAML apps
- Start setting up a new Custom App
- You will be led to the "Google IdP Information" step
- Copy the "SSO URL" from the GSuite dashboard to the "Identity Provider Single Sign On URL" field in the "Configure SAML" window of your Krisp team account settings
- Download the Certificate from the GSuite Dashboard, open with a text editor and copy to the "X-509 Certificate" field in the "Configure SAML" window of your Krisp team account settings
- Click Next on the "Google IdP Information" window in GSuite - You will be led to the "Basic Information for your Custom App" step.
- Set an "Application name". Ex: KrispApp
- Upload your company logo as a .png or .gif file
- Click Next - You will be led to the "Service Provider Details" step
- Copy the "Reply URL (Assertion Consumer Service URL)" from the "Configure SAML" window in the Krisp account settings to the "ACS URL" field
- Copy the "Single Sign On URL" from the "Configure SAML" window in the Krisp account settings to the "Start URL" field
- Set an Entity ID. Ex: MyGSuiteEntityID. Copy it to both the "Audience URI" and "Identity Provider Issuer" fields of the "Configure SAML" window in the Krisp account settings and save the changes there
- Make sure that "Basic Information >>> Primary Email" options are selected for the Name ID
- Pick "EMAIL" as the Name ID Format
- Click Next - You will be led to the "Attribute Mapping" step
- Click on the "ADD NEW MAPPING"
- Set the mapping as "email >>> Basic Information >>> Primary Email"
- Click Finish
- Now all you need to do is active the created app. Click on ""Edit Settings" for the created app.
Pick who within your organization the SSO should be on for and Save.
Now your team members will be able to sign into their Krisp accounts by logging into their GSuite accounts using the Krisp team slug.