Single Sign-On (SSO) using Security Assertion Markup Language (SAML) allows users to access Vev through their organization's Identity Provider (IdP), offering enhanced security and a seamless login experience. Vev’s SSO integration is powered by Google Cloud Platform (GCP) Identity Platform, ensuring enterprise-grade security and scalability.
This feature is only available for accounts on the Organization plan. Interested in the feature? Talk to sales.
How SAML SSO Works
When SAML SSO is configured for your account, the login process follows these steps:
User Initiates Login: A user attempts to log in to Vev.
SAML Request Sent: Vev sends a SAML request to the Identity Provider (IdP) associated with the user’s organization.
IdP Validates Credentials: The IdP verifies the user’s credentials and sends a response back to Vev.
Access Granted: Vev processes the response and grants the user access to their account.
Configuring SAML SSO
Identity providers (IdP)
Use any identity provider of your choice. Below are the most popular identity provider platforms:
Okta
Azure AD by Microsoft
OneLogin
ADFS by Microsoft
Auth0
Google SSO
JumpCloud SSO
How to configure your IdP
You’ll need to configure your Identity Provider (IdP) with the correct settings to establish a secure SSO connection with Vev.
Go to Your Identity Provider's Configuration Section
Navigate to your IdP's configuration area and follow their instructions to set up single sign-on. Each IdP has its own setup process, so refer to their specific documentation if needed.
Add the Following Metadata
Use the metadata settings below when configuring your IdP. We recommend skipping any optional fields and leaving any default values as they are:
Protocol: SAML 2.0
Service URL (SP-initiated URL) (Also known as Launch URL, Reply URL, Relying Party SSO Service URL, Target URL, SSO Login URL, Identity Provider Endpoint, etc.):
https://editor.vev.design/sso
Assertion Consumer Service URL (Also known as Allowed Callback URL, Custom ACS URL, Reply URL):
https://editor.vev.design/__/auth/handler
Entity ID (Also known as Identifier, Relying Party Trust Identifier):
saml.x + account key
(this will be found in your configuration modal)
Required Attribute Names:
email
NameID Format:
email
Depending on your IdP, you may need to provide additional details or adjust settings based on these specifications. Reach out to support if you need any assistance in this process.
Enabling SAML SSO in Vev
To enable and configure SAML SSO in Vev, follow these steps:
1. Accessing the SSO Settings
Navigate to Account Settings.
Select the Security tab from the menu.
2. Configuring and Registering Your IdP
Click Set up on the identity provider of your choice:
Okta Authentication
Custom SAML Provider
The custom SAML provider option is a generic authentication provider for SAML2-based systems, allowing you to manually configure any SAML2-enabled IdP.
You can register your IdP with Vev using one of the following methods:
Using Metadata URL
If your IdP provides a Metadata URL, simply enter it in the provided field. Vev will automatically retrieve all the necessary metadata from the URL.
Using Provider XML
If you have the IdP’s generated metadata file, copy its contents and paste them into the designated text field in Vev. This method allows Vev to configure the necessary settings based on the provided XML data.
Using Provider Data
For a more manual setup, you can enter the required data fields from your IdP directly into Vev. This method involves matching up specific values such as Entity ID, Single Sign-On URL, and x509 Certificate, which can typically be found in the IdP’s metadata file.
4. Finalizing the Setup
Once the settings are configured:
All users on your account will need to enable the SAML SSO login method in their Profile settings.
Existing users will have three months to switch to SSO login. They will be notified in-app to complete this process.
Logging in via SSO
When users attempt to log in to Vev, they need to click the "Log in using SSO" link on the login page to access the SSO login directly. Once they've entered their email, Vev will recognize the login provider associated with the user’s email and initiate the authentication process accordingly.
Important Considerations
One SSO Provider Per Account: Only one SSO provider can be enabled per account. Configuring a new provider will overwrite the previous one.
SSO Requirement: Once SSO is enabled, all users must use it to access their accounts. Previous credentials will no longer work.