How to set-up Single Sign-On

An introduction to Single Sign-on

MeetinVR offers a feature called Single Sign-On (SSO) to all team administrators. Single Sign-On is a technology that allows your team users to login using a different identity provider separate from MeetinVR. The main use case for this feature is to allow your users to login through their enterprise work account. To achieve Single Sign-On, MeetinVR uses a widespread technology called SAML 2.0.

One of the main benefits to using Single Sign-On is that it keeps your company in-control of passwords handling, verification, security and access management. MeetinVR’s servers will not need to store user passwords, but instead use your identity server to trust a user has been logged in. Also, by revoking your user accounts, for example when an employee leaves the company, the MeetinVR account can no longer login.

This guide will explain how to set-up SSO for your team.

To set up SSO, you will need administrator access to your team, and you will most likely need some details and work in close collaboration with your IT team.

Setting up SSO

1. Sign in to your MeetinVR account and make sure your team is selected in the top-right corner of the dashboard.

2. Navigate to Team > Single sign-on

3. On the bottom of the page, you will find your MeetinVR SAML 2.0 Configuration. Copy these settings and supply these to your IT Department or Identity provider. You can use these settings to set up an application and authorize MeetinVR to use your service as a login provider. Depending on the identity provider, these steps can differ.
   
   App Id - This is the name of our application, for your service to use as an identifier.
   Sign-on URL - This is the URL that your users will use to sign in to MeetinVR through your identity provider.
   Reply URL - This URL is the location that your identity server should send your users to once authenticated.
   XML metadata URL - This URL contains a file that contains the previous details in data form. Used by some identity providers to quickly set-up SSO.

4. Once set up, enter your details obtained from your identity provider on the Team > Single sign-on page.
   
   Identity Label - The name of the login type. This is used for the MeetinVR login screen.
   Login URL - This is the URL that should be used to start the SAML 2.0 login flow.
   Certificate - The signing certificate used issued by your identity provider.

You have now set-up SSO. The next steps will explain how to use SSO in your team.

Enabling SSO for your users

For security reasons, as an admin, you can only assign SSO to new users. These steps will explain how to allow your new users to login using your identity provider.

MeetinVR uses the E-mail address as a unique identifier to recognize your users.

1. Navigate to your Team > Users page.

2. Click Add user +.

3. Enter the user details.

4. On the right side, ensure you enable SSO login to allow the new account to sign-up using SSO right away.

5. Optionally, you can disable Password login. This will ensure the new account will not be able to set-up a MeetinVR password.

If you want your existing users to be able to use single sign-on, the following action is required from your users:

1. Sign in to your MeetinVR account.

2. In the top-right corner, click your icon and press Profile.

3. Scroll to the bottom. You should see the SSO method listed here.

4. Press Link now to enable sign-in with this identity provider.

Signing in using SSO

To sign in using SSO, your admin first needs to enable SSO for your team, and for you as a user. Once set-up, the following steps can be followed to login:

1. Navigate to the MeetinVR Dashboard login screen.

2. Type in the email address for the user.

3. Once typed, the button for your specific login provider will show. Use this button to sign in!

Alternatively, you can use the Sign-on URL listed in your team’s SSO settings to directly start logging in. It might be worth saving this URL as a bookmark and sending it to your team members to save them some time.