Single Sign On

Single Sign On (SSO) provides the ability for Content Administrators to log into the SnapComms platform using company credentials, rather than a SnapComms username and password. The following types of authentication are supported:
 


NOTE: SSO is available on SnapComms Cloud and SnapComms Private Cloud. Mobile SSO requires SnapComms Mobile Apps version 19.6 and above. 
 

Login with Company ID

The SnapComms Content Manager and Mobile App SSO via SAML will ideally work with Identity Providers that support SAML 2.0. If you plan to implement SAML SSO on either or both, please contact us at tech.support@snapcomms.com.
 

Setting up SAML-based SSO 

Go to Management >> Integrations and click on Single Sign-On (SSO).



Identity Provider

Fill in the details in the Identity Provider (IdP) section as per your IdP's settings, including the certificate file from your IdP. If your IdP does not support a static metadata URL, click Use Identity Provider Metadata File and upload the metadata file from your IdP.

The required settings for setting up SnapComms as a Service Provider (SP) in your IdP can be found at the bottom of the section. If you require a SnapComms certificate, please reach out to us via support@snapcomms.com.
 

Content Manager Administration 

Enabling the Allow Identity Provider users to access the Content Manager toggle allows authorized users to be provisioned with an Administrator account in SnapComms. SnapComms currently supports SP-based authorization.

Make sure you enter your company's email domain so that, when users want to SSO to SnapComms, we can redirect them to your IdP.

SnapComms based Authorization

Follow the instructions below to authorize SnapComms Administrators. Make sure that Users to be authorized as Administrators exist in the SnapComms platform in Users & Groups >> Users.

  1. Save the current IdP configuration. 
  2. The SSOAdminGroup will be automatically created. 
  3. Go to Users & Groups >> Groups.
  4. Click on the SSOAdminGroup.
  5. Add existing Users who should also be Administrators to the SSOAdminGroup.

When the email address of the person trying to SSO to Content Manager matches the email address of a member of the SSOAdminGroup, an Administrator account will be provisioned.

Note: User and Administrator accounts are managed separately. Once an Administrator account has been provisioned, removing the matching User from the SSOAdminGroup will not disable the Administrator account.
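
Because removing a User from the SSOAdminGroup leaves the provisioned Administrator account active, a periodic access review should compare the two lists. The following is an added example, not SnapComms code; the input lists are constructed by hand (SnapComms export formats are not described here), and case-insensitive email matching is an assumption.

```python
# Constructed sample data: current SSOAdminGroup member emails and the
# names listed under Management >> Administrators, typed in by hand.
SSO_ADMIN_GROUP = ["alice@example.com", "Bob@Example.com"]
ADMINISTRATORS = ["alice@example.com", "bob@example.com", "carol@example.com", "localadmin"]


def review_administrators(admin_names, group_emails, sso_domain):
    """Classify Administrator accounts against current SSOAdminGroup membership.

    authorized: name matches the email of a current group member
    orphaned:   name is in the SSO email domain but matches no current member
    other:      not in user@domain form or outside the SSO domain
                (for example, username and password logins)
    """
    # Assumption: emails are compared case-insensitively.
    members = {e.strip().lower() for e in group_emails}
    domain = sso_domain.strip().lower()
    result = {"authorized": [], "orphaned": [], "other": []}
    for name in admin_names:
        key = name.strip().lower()
        local, at, host = key.rpartition("@")
        if not at or not local or host != domain:
            result["other"].append(name)
        elif key in members:
            result["authorized"].append(name)
        else:
            # Candidate for review: provisioned via SSO at some point,
            # but the matching User is no longer in the group.
            result["orphaned"].append(name)
    return result
```

Accounts reported as orphaned are the ones to review under Management >> Administrators.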
 

SnapComms Mobile Access

Enabling the Allow Identity Provider users to access the SnapComms mobile App toggle allows users to access the SnapComms iOS and Android apps.

Clicking Click here to view mobile App settings will take you to Mac & Mobile settings.
 

Log in with Company ID

On the normal SnapComms login page, click the Log in with Company ID button.



Enter the Company email address matching the email domain configuration previously saved. Clicking the Login button will start the login workflow in the IdP. 

Administrator Permissions

Administrator permissions are configured within Content Manager. Single Sign On administrators are automatically provisioned within Content Manager when they access Content Manager for the first time.


To Manage Administrator Permissions

Navigate to Management >> Administrators.



Automatically provisioned Single Sign On authorized administrators will be created with the administrator name based on their IdP username (generally of the format user@domain).

More information on administrator settings here.

 

Login with a Microsoft account

Prerequisites

  • A trust established between SnapComms and the Microsoft Azure Active Directory.
  • An Active Directory static group, containing the users needing access to the Content Manager, must be created in Azure AD.

Establishing a Trust

In Content Manager, navigate to Management >> Integrations.



Click on the Microsoft Account Integrations button.



Click on the Set up Microsoft sign in button.


 


Domain Administrator access to Microsoft Account

If you have Domain Administration access to your Microsoft Azure Active Directory, click the Complete authorization yourself button.



You will be taken to Microsoft Online (https://login.microsoftonline.com/common/oauth2/authorize) where you will complete the authorization process.


No Domain Administrator access to Microsoft Account

If you do not have Domain Administration access to your Microsoft Azure Active Directory, click the Send sign up link button.



The following screen is displayed:



Enter the email address of the person that has Domain Administration access to your Microsoft Azure Active Directory.
Optionally, enter a message that will appear below the following email message to your Domain Administrator.
Click the Send button.

An email will be sent to your Domain Administrator with the following content:

A user from your organization (your email address) would like to set up integrated sign on capabilities between your organizational accounts and the SnapComms Content Manager.

To complete this process, you should click the 'Authorize SnapComms' button and follow the directions to grant access in your organization's directory.




Clicking the Authorize SnapComms button in the email will take the Domain Administrator to Microsoft Online (https://login.microsoftonline.com/common/oauth2/authorize) where they will complete the authorization process.


Configuring a Group for Content Manager access

Single Sign On enables users to access Content Manager using their Microsoft Account login credentials. Control over which users are able to access Content Manager is determined by a Microsoft Azure Active Directory group.

In Microsoft Azure Active Directory, you can create a new group (or use an existing one) to control which users should have Content Manager access. Obtain the Object ID for the group specified within Microsoft Azure Active Directory.



In Content Manager, navigate to Management >> Integrations.



Click on the Microsoft Account Integrations button.



Enter the group's Object ID into the Administrator Group ID field.



Click the Save button.



If you need to change the group for any reason, repeat the above process to add the new group's Object ID.


How to log in using a Microsoft account

If you are configured to use Single Sign On, please use the URL https://login.snapcomms.com/ to access the additional Log in with a Microsoft account button.



To log in using your Windows credentials, click on the Log in with a Microsoft account button.



If you are logged on to your Microsoft Account, you will not be prompted to enter a username or password.
If you are not logged on to your Microsoft Account, you will be prompted by Microsoft to log in to your Microsoft Account.

Note: The Windows user must be a member of the group assigned for SnapComms within your Active Directory.

Alternatively, you may still log in by entering a username and password and then clicking the Login button.



Note: The username and password must exist within Content Manager under Management >> Administrators.
