SAML Single Sign-on

SAML-based single sign-on (SSO) gives members access to Vibe through an identity provider (IDP) of your choice.


To get started, please create an admin account and team workspace on Vibe One Admin.

Then, you’ll need to set up a connection (or connector) for Vibe with your IDP. Many SSO providers are supported by Vibe for user management:

If your identity provider is different from the ones listed above, please send an email regarding your SAML IDP to support@vibe.us and our support team will get in touch with you.

Okta

Vibe supports SSO login via Okta, with the following limitations:

  • We don't support SCIM user provisioning and de-provisioning.

  • Please be advised that SSO is only applicable to Vibe's web, iPad, and mobile apps. To log in to Vibe Board, users will need to use email-based 2FA or use the SSO logged-in mobile app to scan a QR code.

  • Set up SAML SSO for Vibe

    1. Create an App Integration for Vibe first. In your Okta Admin console, navigate to Applications, and click the "Create App Integration" button.

    2. Choose the "SAML 2.0" sign-in method.

    3. Enter "Vibe" as the App name, and in the next screen, enter "https://api.vibe.us/v1/oauth/saml/acs" as "Single Sign On URL" and "https://api.vibe.us/v1/oauth/saml/metadata" as "SP Entity ID".

    4. After creating the integration, you should see the screen below. Please email support@vibe.us and provide us with the information below so we can set up SAML integration on the Vibe server side.

      1. Identity Provider metadata (usually in the form of an XML file)

      2. View Setup Instructions - Identity Provider Issuer

      3. Start URL: https://yourcompanydomain.sso.vibe.us/
        You can choose your own subdomain name, but it cannot contain dots.

      4. The email address associated with your organization admin account on https://admin.vibe.us

  • Configure your identity provider

    You need to configure Vibe as a service provider in your SAML configuration. Here are the details:

    1. Audience URI (SP Entity ID): https://api.vibe.us/v1/oauth/saml/metadata

    2. Attribute mapping:

      • first_name

      • last_name

      • User.Email

Do you support an IDP-initiated login so our users can use an 'app' within our Okta Dashboard?

Currently, this is not supported. However, Okta has a workaround: you can enter the URL https://yourcompanydomain.sso.vibe.us in the Okta chiclet. The experience should be the same as an IDP-initiated login.

Microsoft Entra ID (Microsoft Azure Active Directory)

  • Create Your Own Entra ID Enterprise Application

    • In the Azure portal, go to the Microsoft Entra ID resource from the left sidebar. Choose Add > Enterprise Application > Create Your Own Application.

    • Enter "Vibe SAML SSO" as application name, and select "Integrate any other application you don't find in the gallery (Non-gallery)"

  • Configure Single Sign On for the Enterprise Application

    • Click "Setup single sign on", then choose SAML.

    • Enter the following URLs into the SAML configuration, as shown below.

    • Under (2) Attribute & Claims, set up the required attribute mapping, as shown below. Note that the left column is case-sensitive.

      • first_name maps to user.givenname

      • last_name maps to user.surname

      • User.Email maps to user.mail

      • IMPORTANT: Please note for each Manage Claim panel:

        1. Name should be the outgoing claim that Vibe expects, such as first_name (case sensitive)

        2. Leave the optional Namespace field empty (Azure pre-fills this field, so make sure to delete the auto-generated namespace)

        3. Source should be "Attribute"

        4. Source attribute should be the attribute in the Entra ID.

    • Under the (3) SAML Certificate box on the same screen, download the "Federation Metadata XML". Send the downloaded XML file as an attachment to support@vibe.us, with the following additional information:

      • The owner email of the workspace to set up the SAML SSO.

      • The preferred name to put into the Sign on URL (e.g. https://awesome_name.sso.vibe.us)

    • Once the SAML SSO is configured on Vibe's end, you can put the Sign on URL in step 3 into the "Sign on URL" field in the Basic SAML Configuration box on the Enterprise Application SAML SSO configuration page. This is an optional step. It's OK to leave it empty.
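
The audience, ACS URL and case-sensitive attribute names above can be checked against a decoded assertion from a test login before you email support. The following is an added example, not Vibe's or any identity provider's code; the function names and the sample assertion are constructed for illustration, and the script checks configuration only (it does not verify the XML signature).

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
SP_ENTITY_ID = "https://api.vibe.us/v1/oauth/saml/metadata"  # Audience URI from this page
ACS_URL = "https://api.vibe.us/v1/oauth/saml/acs"            # Single Sign On URL from this page
REQUIRED_ATTRS = ("first_name", "last_name", "User.Email")   # exact, case-sensitive names


def check_assertion(xml_text):
    """Return a list of configuration problems in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)  # parse only assertions you captured yourself
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not include {SP_ENTITY_ID}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} does not include {ACS_URL}")
    attrs = {a.get("Name") or "": a for a in root.iterfind(".//saml:Attribute", NS)}
    for want in REQUIRED_ATTRS:
        if want in attrs:
            value = attrs[want].findtext("saml:AttributeValue", default="", namespaces=NS)
            if not (value or "").strip():
                problems.append(f"{want} is present but empty")
            continue
        # Near misses: wrong case, or a namespace prefix left in front of the name.
        near = [n for n in attrs
                if n.lower() == want.lower() or n.lower().endswith("/" + want.lower())]
        hint = f" (found {near}: fix case or clear the Namespace field)" if near else ""
        problems.append(f"missing attribute {want}{hint}")
    return problems


def sample_assertion(attr_names):
    """Constructed, unsigned assertion for demonstration; not real IdP output."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue></saml:Attribute>'
        for n in attr_names)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>'
            f'</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions><saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion>')


if __name__ == "__main__":
    # Namespace left in place on first_name, and wrong case on User.Email.
    bad = ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/first_name",
           "last_name", "user.email"]
    print("\n".join(check_assertion(sample_assertion(bad))))
```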

G Suite (SAML)

  • Create a Custom SAML app

    If you haven't already, create a Custom SAML app in your Google Workspace Admin Console. You can find it under Apps > Web and mobile apps in the sidebar navigation, as shown in the screenshot below.

  1. The app name can be anything that lets you identify it later, e.g. "Vibe SAML SSO".

  2. In the second screen, download the metadata XML file and send it to support@vibe.us. In the email, please also include:

    1. The email address you used to create the Vibe One Admin account.

  3. In the third screen (service provider details):

  4. In the final screen (attribute mapping):

    1. First name maps to "first_name"

    2. Last name maps to "last_name"

    3. Primary email maps to "User.Email"

    4. See screenshot below for reference.

Once the app is created, we will configure it on our end and let you know when SAML sign-in has been activated.

  • Update SAML Configuration

    If you need to change the SAML configuration (e.g. to fix an attribute mapping issue), you can open the same setup UI by selecting the SAML app you've created and clicking on either the "Service provider details" or the "SAML attribute mapping" section.


💡 Tip

Need more help?

Send an email to our Support Team or Submit a Support Ticket.

