Set up custom SAML 2.0 configuration
Available on: Enterprise plan
Required role: Workspace admin
Single sign-on (SSO) allows for an easier and more secure way for your workspace members to access Epidemic Sound. To learn more and to get started, please check out Guide to SAML SSO. SSO works with any SAML 2.0 compliant identity provider.
Step 1: Find the SAML properties for your workspace
In the first step you need to configure your identity provider. To complete this step you will need some values from your Epidemic Sound workspace.
- On epidemicsound.com, navigate to the menu at the top right of the screen and select Organization.
- Select the Identity & Provisioning tab.
- Ensure at least a single verified domain has been registered to your workspace. This is a requirement for SAML SSO.
- Click the button Configure SSO. A modal dialog will appear with the SAML properties for your Epidemic Sound workspace.
Keep the tab open; you will need the values in the next step.
Step 2: Configure your identity provider
The values that you will need from the SAML Properties modal are:
- ACS URL (a.k.a Reply URL, Callback URL or similar)
- SP Entity ID
We support both SP-initiated and IdP-initiated SSO. If you prefer to always use SP-initiated SSO, even when users initiate the login from your identity provider dashboard (and if your identity provider supports it), we provide a URL that can be used to start the login process from our side: https://www.epidemicsound.com/sso/saml/[Tenant ID]/. The Tenant ID can be found in the SAML Properties modal.
Configure SAML attributes
- Ensure Name ID Format is set to emailAddress. This means it should be of the format: Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
- Configure the following attributes to be included with your SAML assertion:
a) (Optional) FirstName
b) (Optional) LastName
Now you are ready to enable SSO for your workspace. If your identity provider exposes a metadata URL then copy that to your clipboard. If not then you will instead need the sign on URL, issuer/IDP Entity ID and your public certificate/signing key.
Step 3: Enable SAML SSO in Epidemic Sound
In the Configure SSO modal, click the Next button on the SAML properties step (Identity & Provisioning → Configure SSO) to get to the Edit SSO configuration step. Here you have two options:
- Enter the metadata URL (recommended): With the metadata URL we can fetch the necessary information for you and renewing the public certificate will be simpler in the future.
- Fill in the information manually: If your identity provider does not expose a metadata URL then paste the values from the previous step here.
Once you’ve confirmed that the information looks correct, you can go ahead and enable SSO. When SSO is first enabled, it is set up as an optional login method, so members can still log in with their existing credentials.
We strongly recommend that you test logging in via SSO in an “incognito” window before requiring SSO, to reduce the risk of being locked out. You can use the start URL: https://www.epidemicsound.com/sso/saml/[Tenant ID]/. The Tenant ID can be found at the SAML properties step of the Configure SSO modal.
You have now configured SSO. For more details, or for information on how to require your members to log in only with SSO, see the main SSO guide.