Single Sign On (SSO) configuration

Single Sign On is configured under Team Settings. Selecting Enforce SSO will prevent users from logging into the platform using their username and password.

V7 supports SAML and Google Auth 2.0 as SSO protocols. Both options can be used to automatically create and add new team members, and the role which is given these new joiners is controllable via the Default Role settings.

SAML 2.0

Create Darwin as an application in your Identity Provider.

As SAML allows control of which users are assigned to an Application within the Identify Provider; any user who is able to sign in via SAML will automatically be added to the team using the configured default role.

Identifier (Entity ID): v7_labs
SAML Assertion URL: https://darwin.v7labs.com/api/users/authenticate/sso/saml/validate
NameID attribute: user.mail (Azure)
NameID format: Email address
Claims / Attribute Statements:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Azure: user.givenname
Okta: user.firstName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Azure: user.surname
Okta: user.lastName

Azure:

Okta:

Download the metadata file for the Application created in your Identity Provider and save it to Darwin in Team Settings.

Google Auth 2.0

In order to enable adding new users to your team automatically via Google Auth 2.0; it it possible to configure an email Business Domain. Any new sign-in from a matching email will then be added to your team.