SAML/SSO with a generic or custom IdP
Litmus gives Account Holders numerous security settings and options that protect users and content. You can configure SAML single sign-on between Litmus and your custom identity provider (IdP) to simplify your users' access to Litmus.
Before you start
- Only the Account Holder can access and configure SAML settings in Litmus.
- New user seat creation is not supported via SAML. Users must be created within Litmus first and then authenticated via your IdP before they log in to Litmus.
- SSO with SAML can only be configured at the parent account level and is automatically applied to all subaccounts on your plan.
NOTE: SAML functionality is available with Litmus Enterprise plans.
Start with Litmus settings
In the left-side settings menu, find Your Subaccounts, then Security, and finally the SAML tab in the popup window.
Toggle on Enable SAML. If you would like your users to access Litmus only via SSO with your IdP solution, check the box Enforce sign-in with SAML.
NOTE: When this option is active, the main Litmus account holder will still be able to sign in to Litmus using their Litmus credentials via the Litmus login screen. This is to prevent the main account holder from getting locked out of full account administrative functionality. Other users will be required to log in via SAML. Password resets using the Forgotten Password? option on the regular Litmus login screen will be disabled for all users.
Select Generic as your IdP.
Take note of the Post-back URL (Assertion Consumer Service URL) and Audience URI (Service Provider Entity ID), as you will need these when configuring a new app for Litmus within your IdP solution.
Continue in your IdP
Log in to your preferred identity provider as an administrator.
Following the IdP documentation, create an app in your IdP that uses the Post-back URL and the Audience URI from Litmus. Some services allow you to upload a Litmus logo as an app icon.
Configure the IdP application to allow access to all the relevant users within the organization.
Once the app is created within your IdP solution, locate and copy the single sign-on URL. Locate and copy all of the text from your IdP's X.509 signing certificate as well.
Final settings
Return to the SAML configuration page in Litmus and paste your IdP's single sign-on URL into the SAML 2.0 Endpoint (HTTP) field. Paste your IdP's signing certificate content into the X.509 Certificate field.
Select the Save SAML settings button at the bottom of the Litmus set-up window.
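Before pasting the single sign-on URL and the X.509 signing certificate into Litmus, a quick local check catches common copy mistakes such as a non-HTTPS URL, a truncated certificate, or a private key copied by accident. This is an added example, not Litmus or IdP code; the function names and the sample URL and certificate bytes are constructed for illustration, and the check is structural only (it does not verify validity dates or issuer).

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def check_sso_url(url):
    """Return the trimmed URL if it is an absolute https:// URL, else raise."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("single sign-on URL must be an absolute https:// URL")
    return url


def certificate_fingerprint(pem_text):
    """Validate pasted PEM text; return the SHA-256 fingerprint of its DER bytes."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    # A signing certificate is public; a private key must never leave the IdP.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("text contains a private key; paste only the certificate")
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected exactly one CERTIFICATE block, found %r" % labels)
    body = "".join(blocks[0][1].split())
    der = base64.b64decode(body, validate=True)  # raises on truncated/garbled text
    if not der.startswith(b"\x30"):              # X.509 DER begins with a SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


if __name__ == "__main__":
    # Constructed sample values: a placeholder URL and a 5-byte DER SEQUENCE,
    # not a real IdP endpoint or certificate.
    sample_der = b"\x30\x03\x02\x01\x01"
    sample_pem = ("-----BEGIN CERTIFICATE-----\n"
                  + base64.encodebytes(sample_der).decode()
                  + "-----END CERTIFICATE-----\n")
    print(check_sso_url("https://idp.example.com/sso/saml"))
    print(certificate_fingerprint(sample_pem))
```

If your IdP displays a SHA-256 fingerprint for its signing certificate, compare it with the value returned here before saving the SAML settings.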