What is SSO?

Single sign-on is an authentication approach that allows a user to log in with a single ID to any of several related, yet independent, software systems. This means there are fewer passwords for the user to remember and fewer systems to manage access rights for.

What SSO protocol does Coaching Culture support?

Organisations can implement Coaching Culture's Platform using their existing single sign-on provider. The Coaching Culture platform supports the SAML 2.0 protocol for Single Sign-On. 

How do I enable SSO on my Coaching Culture platform? 

Pass these instructions to your technical team!

In order to set up Single Sign-On, please navigate to the Single Sign-On section of the Admin area within the platform. You will need to be an Organisation Admin to do this. 

Tip! - When configuring SSO, we recommend that you set “Use SAML Sign Sign-On” to Allow while testing. This means that you can still log in with your password if the configuration is incorrect.

1. To configure SSO you need to complete all the fields on the single sign-on page.
2. Your Identity Provider will need certain configuration values from our platform, including our SP Metadata and ACS URL. These can also be found on the single sign-on page.

Tip! - If the 'Create Platform User On Authentication' toggle is not enabled, users must be created within the Coaching Culture platform before it will allow them access. If enabled, the platform will create a new user the first time they authenticate.

In order to provide Single Sign-On, we require either the NameID to be a valid email address for the user or for the email address to be provided as an attribute with the name “email”. In addition, if Create Platform User On Authentication is enabled, the platform will populate the surname and given name of the user on their first authentication if the following claims are provided:

In Azure ADFS, these claims will be sent automatically but in other platforms such as Okta you will need to enter these claims directly under Attribute Statements. When providing the claims enter the Full Claim Name from the table above as the attribute name.

NB: These will not be updated on subsequent logins and only take effect on the first login from that user)

The Coaching Culture platform has been tested with Azure, ADFS, Shibboleth and GoogleApps but should work with any suitably configurable SAML IDP. Once configured, ensure that the correct users are given access to the application from within your IDP (Azure, Google Apps, etc).

I've configured my SSO set up, how do users now access?

On the Single Sign on set up page, you will find your unique Service Provider Start/Login Url which users can use to access the platform through SSO. Simply copy and paste this link and promote it accordingly - e.g. this could be embedded onto your intranet. This link will take your users to the Platform's homepage.

Want to direct your users somewhere other than the platform homepage? Find out more here.