SAML Single Sign-on

SAML-based single sign-on (SSO) gives members access to Vibe through an identity provider (IDP) of your choice.

Updated over a week ago

To get started, please create an admin account and team workspace on Vibe One Admin.

Then, you’ll need to set up a connection (or connector) for Vibe with your IDP. Many SSO providers are supported by Vibe for user management:

If your identity provider is different from the ones listed above, please send an email regarding your SAML IDP to support@vibe.us and our support team will get in touch with you.

Okta

Vibe supports SSO login via Okta, with the following limitations:

  • We don't support SCIM user provisioning and de-provisioning.

  • Please be advised that SSO is only applicable to Vibe's web, iPad, and mobile apps. To log in to Vibe Board, users will need to use email-based 2FA or use the SSO logged-in mobile app to scan a QR code.

  • Set up SAML SSO for Vibe

    1. Create an App Integration for Vibe first. In your Okta Admin console, navigate to Applications, and click the "Create App Integration" button.

    2. Choose "SAML 2.0" sign-in method.

    3. Enter "Vibe" as the App name, and in the next screen, enter "https://api.vibe.us/v1/oauth/saml/acs" as "Single Sign On URL" and "https://api.vibe.us/v1/oauth/saml/metadata" as "SP Entity ID".

    4. After creating the integration, you should see the screen below. Please email support@vibe.us and provide us with the information below so we can set up SAML integration on the Vibe server side.

      1. Identity Provider metadata (usually in form of an XML file)

      2. View Setup Instructions - Identity Provider Issuer

      3. Start URL: https://yourcompanydomain.sso.vibe.us/
        You can select your subdomain name, but there cannot be dots in between.

      4. The email address associated with your organization admin account on https://admin.vibe.us

  • Configure your identity provider

    You need to configure Vibe as a service provider in your SAML configuration. Here are the details:

    1. Audience URI (SP Entity ID): https://api.vibe.us/v1/oauth/saml/metadata

    2. Attribute mapping:

      • first_name

      • last_name

      • User.Email

Do you support an IDP-initiated login so our users can use an 'app' within our Okta Dashboard?

Currently, this is not supported however Okta has a workaround where you may enter the URL, https://yourcompanydomain.sso.vibe.us, in the Okta chiclet. The experience should be the same as IDP initiated login.

Microsoft Azure

  • Create Your Own Entra ID Enterprise Application

    • In Azure portal, go to Microsoft Entra ID resource from left sidebar. Choose Add > Enterprise Application > Create Your Own Application.

    • Enter "Vibe SAML SSO" as application name, and select "Integrate any other application you don't find in the gallery (Non-gallery)"

  • Configure Single Sign On for the Enterprise Application

    • Click "Setup single sign on", then choose SAML.

    • Enter following URLs into the SAML configuration, as shown below.

    • Under (2) Attribute & Claims, set up the required attribute mapping, as shown below. Note left column is case-sensitive.

      • first_name maps to user.givenname

      • last_name maps to user.surname

      • User.Email maps to user.mail

      • IMPORTANT: Please note for each Manage Claim panel:

        1. Name should be the outgoing claim that Vibe expects, such as first_name (case sensitive)

        2. Leave the optional Namespace field empty (Azure pre-fills this field, please make sure to delete auto-generated namespace)

        3. Source should be "Attribute"

        4. Source attribute should be the attribute in the Entra ID.

    • Under (3) SAML Certificate box in the same screen, download the "Federation Metadata XML". Send the downloaded XML file as an attachment to support@vibe.us, with following additional information:

      • The owner email of the workspace to set up the SAML SSO.

      • The preferred name to put into the Sign on URL (e.g. https://awesome_name.sso.vibe.us)

    • Once the SAML SSO is configured on Vibe's end, you can put the Sign on URL in step 3 into the "Sign on URL" in your Basic SAML Configuration box in Enterprise Application SAML SSO configuration page. This is an optional step. It's OK it leave it empty.

G Suite (SAML)


💡 Tip

Need more help?

Send an email to our Support Team or Submit a Support Ticket.


Did this answer your question?