Who can use this?
Plan: Enterprise (only admins)
Managed from: Admin Dashboard
Other: IdP account admin privileges
This article describes how to set up Krisp SSO login with your Identity Provider (IdP). Single sign-on allows you to log in using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.
Check this article to learn more about how you can get started with Krisp SSO.
Krisp SSO Settings
First, go to your Admin Dashboard >>> Settings >>> Authentication. Check the Enable SSO box and click on SAML to open Configure SAML panel. You'll need this info in the further steps. Let's call this Krisp Settings.
Configuring Azure with a custom app
To configure the integration of Krisp into Azure Active Directory, you need to add Krisp to your list of managed SaaS apps. For that, follow these steps:
Creating the custom app
- Log in to Azure dashboard Portal with your admin account at https://portal.azure.com/#home
- Go to Azure services >>> Azure Active Directory.
- Click + Add >>> Enterprise application.
- To add Krisp as an application, click Create your own application.
- Give it a name (ex: Krisp_app) and click Create.
- Go to Getting Started >>> Assign users and groups
- Click None Selected.
- Choose the existing users you’d like to assign to the application and click Select.
- Click Assign to assign the selected users to the application.
Setting up SSO
- Go to Set up single sign on.
- Select SAML as the Single sign-on method.
- Edit the Basic SAML Configuration box.
- Start filling in the information:
- Identifier (Entity ID): Click Add identifier and copy the "Your team slug" value from Krisp settings to the field.
- Reply URL (Assertion Consumer Service URL): Click Add reply URL and copy the "Reply URL (Assertion Consumer Service URL)" value from Krisp settings to the field.
- Sign on URL (Optional): Copy the "Single Sign On URL" value from Krisp settings to this field.
Save these settings.
- Edit the User Attributes & Claims box. Do not modify the already existing attributes and claims.
- Click + Add new claim.
- Set the following values for the fields:
- Name: Email
- Source: attribute
- Source attribute: user.mail
Save the changes.
- Download the Certificate (Base64) from the SAML Signing Certificate box.
- Open the Krisp Settings.
- Copy Your team slug value from Krisp Settings to the Audience URI and Identity Provider Issuer fields of Krisp Settings.
- Open the downloaded certificate with the text editor and copy it to the X-509 certificate of your Krisp Settings.
- Copy the Login URL value from the Set up Krisp_app box of your Azure AD settings to the Identity Provider Single Sign On URL field of Krisp Settings.
- Click Configure in the Krisp settings.
Now the assigned users will be able to log into the Krisp team account through SSO.