SocialClimb API Documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Welcome to SocialClimb's API documentation
  2. /
  3. Other
  4. /
  5. Single Sign On SAML 2.0

Single Sign On SAML 2.0

SocialClimb supports enterprise single sign-on (SSO) using the SAML 2.0 standard (http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). Authentication is supported via both IDP and SP workflows and allows for JIT user provisioning.

SocialClimb uses OneLogin’s SAML Python Toolkit. https://github.com/onelogin/python3-saml

SocialClimb requires AuthNRequest and LogoutRequest are signed

Setup Requirements

SSO integration requires coordination between your IT department and the SocialClimb implementation team. The data that needs to be prepared prior to the integration is:

  • Metadata xml file. The metadata file should follow the SAML 2.0 standard and include all of the information necessary for SocialClimb to validate the authentication request with the identity provider. Your IDP system should be able to generate this file.
  • Socialclimb requires two Attributes/Claims in order to enable JIT user provisioning.

Required Attributes(Claims) 

<Attribute Name="Role">
  <AttributeValue>Administrator</AttributeValue>
</Attribute>

Role can be Administrator, Service User, Office Staff, Location Admin

<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
  <AttributeValue>exampleuser@yourdomain.com</AttributeValue>
</Attribute>

Email should be valid and match the IDP users identity

Frequently Asked Questions

  • Does SocialClimb support SHA256 signed tokens - Yes
  • Does SocialClimb support/require signature verification of AuthNRequests? Yes
  • How are user accounts deprovisioned and terminated - Accounts can be deprovisioned and/or terminated either through the SocialClimb interface or API.

User Provisioning

  1. Within your IDP add required attributes to the users your expect to be using SocialClimb
  2. The user can then use IDP initiated or SP initiated SSO and have the user JIT provisioned

User Deprovisioning

  1. Go to the user accounts https://app.socialclimb.com/app/user-accounts
  2. Edit the user using the more options icon on the right side
  3. Scroll to the bottom and hit the trashcan icon to delete the user
  4. You will need to remove the SocialClimb Role attribute within your IDP to prevent the user from being JIT provisioned again.

Support Information

gdoc_arrow_left_alt Security Disclosure