Single Sign-On
Single sign-on (SSO) is a method of authentication that allows users to access various applications using a single login and set of credentials. You have the option to configure your Sendbird organization to trust an external identity provider for user authentication, or you can set up a third-party application to depend on your organization for authentication.
Configure Single sign-on with SAML
- Sign in to the Dashboard with an owner or admin account of the organization you want to enable SSO for.
- Generate a Client ID and Client Secret through your identity provider (IdP).
- After you’ve configured your IdP, you can configure SAML single sign-on (SSO) on the Dashboard > Organization settings > Access control page.
- Click the SAML configure button.
- Fill in the values from your IdP.
You’ll need to enter your IdP Entity ID, SSO Endpoint URL and X.509 Public Certificate. Depending on your business environment, you can also enable Just-in-Time Provisioning.
Why use Just-in-Time (JIT) Provisioning?
By default, the IdP provides user information, but you still need to either create a user on the Sendbird side or map an existing user to the IdP user to allow access to the Dashboard. Currently, without JIT provisioning, a user has to sign up first using the same email address and then log in using SSO to map the existing account to the IdP user.
- Click Save, and take note of the SP Entity ID and SP Service URL on the popup.
  SP Entity ID: https://sendbird.com
  SP Assertion Consumer Service URL: https://gate.sendbird.com/sso/<OrganizationKey>/acs
- Access the SSO Login page and enter the organization key.
- You will be redirected to your IdP login page. Log in with the user information you created. If you have not checked the JIT provisioning option, you’ll have to create a Dashboard user with the same email first and then log in. With JIT provisioning enabled, you will get an activation link. Go to your mailbox and follow the link.
- Once you’ve set up SSO, all members will be able to sign in to Sendbird Dashboard with their own IdP account.
- A new SSO user will have the chosen role. Users who are able to change or modify the role or permissions can change their role as needed directly from the Organization settings > Members section of the Dashboard.
You’ve now successfully enabled SSO login for your Sendbird organization, and all users should be able to access your Sendbird Dashboard with your IdP.
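The three IdP values the SAML form asks for can be read from the IdP's SAML metadata XML rather than copied by hand. The script below is an added example, not Sendbird code. It assumes your IdP publishes standard SAML 2.0 metadata; the sample metadata, the `idp.example.com` URLs, the placeholder certificate bytes and the function name `idp_values` are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample; the certificate bodies are placeholder bytes, not real certificates.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>RU5DUllQVElPTi1LRVk=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate> U0lHTklORy1LRVktUExBQ0VIT0xERVI= </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/saml/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_values(metadata_xml, organization_key):
    """Return the values for the SAML form, plus the SP values to register at the IdP."""
    # Metadata from your own IdP only; use a hardened parser (e.g. defusedxml) for untrusted XML.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    if sso is None or not sso.get("Location", "").startswith("https://"):
        raise ValueError("SSO endpoint missing or not https://")
    # Assertions are verified with the signing key; skip encryption-only keys.
    signing = [kd for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")]
    if not signing:
        raise ValueError("metadata has no signing certificate")
    cert_b64 = "".join(signing[0].find(".//ds:X509Certificate", NS).text.split())
    return {
        "idp_entity_id": root.get("entityID"),
        "sso_endpoint_url": sso.get("Location"),
        "x509_certificate": cert_b64,
        # Compare this fingerprint with the one shown in the IdP console before saving.
        "cert_sha256": hashlib.sha256(base64.b64decode(cert_b64, validate=True)).hexdigest(),
        "sp_entity_id": "https://sendbird.com",
        "sp_acs_url": f"https://gate.sendbird.com/sso/{organization_key}/acs",
    }
```

Call `idp_values(metadata_xml, "<OrganizationKey>")` with your own metadata and organization key. If the IdP lists several `SingleSignOnService` bindings, the function returns the first one, so confirm it is the endpoint your IdP documents for SP-initiated login.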