
Single sign-on (SSO) via SAML 2.0

Nolt supports single sign-on using SAML 2.0. If you have an IdP that supports the SAML 2.0 protocol, you can allow users to log in to your Nolt board using our single sign-on mechanism. This guide will help you configure single sign-on using SAML 2.0 for your Nolt board.

This feature is only available for enterprise customers.

Application setup in IdP

Add a new application (Nolt) in your IdP that uses SAML 2.0 for authentication, and use the following configuration for the application.

  1. Single sign-on URL:
    https://YOUR_BOARD.nolt.io/sso/saml
  2. Audience URI (SP Entity ID):
    https://YOUR_BOARD.nolt.io
  3. Redirect URL/Callback URL/ACS (Consumer) URL/Recipient URL:
    The IdP must pass the Recipient URL, and it must be equal to the callback URL. If you leave it unset (it is not a required field in the IdP), some IdPs will automatically send the ACS URL as the value of the Recipient URL. If you do set it, make sure it is the same as the ACS URL.
    https://YOUR_BOARD.nolt.io/sso/saml
  4. Attributes/Parameters
    The fields below must be passed with exactly the field names shown (case sensitive).
    • id
    • name
    • email
    • noltUserRole (Optional)
    • Custom Attributes (Optional)
      You can set the custom attributes that will be shown in the user profile. You can use any field-name and field value for custom attributes.
    The id should be unique for every user. The field picture (optional) can also be passed.
  5. SAML signature element
    The SAML Assertion should be signed, not the SAML Response.
  6. Signature Algorithm
    The Signature Algorithm should be RSA-SHA256 and the Digest Algorithm should be SHA256.
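
A pre-flight check of the requirements listed above, run against a test response exported from your IdP. This is an added example, not Nolt's code: it only lints the XML layout (it does not verify the signature cryptographically), and `lint_response` and `constructed_sample` are hypothetical names, with the sample XML constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
BOARD = "https://YOUR_BOARD.nolt.io"  # placeholder from the guide

def lint_response(xml_text, board=BOARD):
    """Structural lint only: does NOT verify the signature cryptographically."""
    problems, root = [], ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion in Response"]
    sig = assertion.find("ds:Signature", NS)  # direct child of the Assertion only
    if sig is None:
        problems.append("Assertion is not signed")
    else:
        sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        dm = sig.find("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        if sm is None or sm.get("Algorithm") != RSA_SHA256:
            problems.append("signature algorithm is not RSA-SHA256")
        if dm is None or dm.get("Algorithm") != SHA256:
            problems.append("digest algorithm is not SHA256")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != board + "/sso/saml":
        problems.append("Recipient does not equal the ACS URL")
    aud = assertion.find("a:Conditions/a:AudienceRestriction/a:Audience", NS)
    if aud is None or (aud.text or "").strip() != board:
        problems.append("Audience does not equal the SP Entity ID")
    names = {x.get("Name") for x in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    problems += ["missing attribute: " + n for n in sorted({"id", "name", "email"} - names)]
    return problems

def constructed_sample(signed="assertion", alg=RSA_SHA256, attrs=("id", "name", "email")):
    """Constructed Response skeleton (no real signature value), for the lint only."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           f'<ds:Reference><ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
    attr_xml = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">{sig if signed == "response" else ""}'
            f'<a:Assertion>{sig if signed == "assertion" else ""}<a:Subject><a:SubjectConfirmation>'
            f'<a:SubjectConfirmationData Recipient="{BOARD}/sso/saml"/></a:SubjectConfirmation></a:Subject>'
            f'<a:Conditions><a:AudienceRestriction><a:Audience>{BOARD}</a:Audience></a:AudienceRestriction>'
            f'</a:Conditions><a:AttributeStatement>{attr_xml}</a:AttributeStatement></a:Assertion></p:Response>')

if __name__ == "__main__":
    for label, xml_text in [("ok", constructed_sample()), ("response-signed", constructed_sample("response")),
                            ("wrong case", constructed_sample(attrs=("ID", "name", "email")))]:
        print(label, lint_response(xml_text))
```

A response that carries its signature only on the outer Response element is reported as "Assertion is not signed", which is the misconfiguration item 5 warns about.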

Integration in Nolt

Navigate to your board → Integrations → SAML 2.0. Set up all the required fields to activate the integration.

  1. IDP entity ID (Issuer URL):
    Use the Identity Provider Issuer/Issuer URL of the Nolt application in your IdP.
  2. SP Entity ID (Audience URI):
    https://YOUR_BOARD.nolt.io
    It should match the Audience URI of the Nolt application in IdP.
  3. X509 Certificate:
    Use the X.509 certificate of the Nolt application in your IdP.
  4. Remote Login URL:
    Use the Remote Login/Endpoint URL of the Nolt application in your IdP.
  5. Remote logout URL (optional)
    Add a Remote logout URL if you want to redirect users to a specific URL after they log out from their Nolt account.
  6. User role structure (optional)
    To make an SSO user a moderator or admin through an additional user role parameter, set this field. For the response below,
    { customParams: { noltUserRole: 'ADMIN' }}
    The user role structure should be set as follows:
    customParameters:noltUserRole
  7. Custom Attributes (optional)
    If you have any custom attributes, you need to set up this field.
    {
      email: 'abc@gmail.com',
      customParams:{
        employees: [{
              employeeId: {
                id: 3232324,
              },
            }]
        }
    }
    
    
    For the above response from the IdP, the custom attributes need to be set up as:
    { "Employee ID": "customParams:employees:0:employeeId:id" }
  8. Click Test and activate:
    This should activate the SSO. To test the SSO try logging in as a new user.

Need help?

Please feel free to reach out at hello@nolt.io for any help regarding SAML integration.
