Introduction
If you do not use Okta as your identity provider, you can set up a custom SAML configuration. You must use SAML 2.0; ModernLoop doesn't support earlier versions of SAML.
If your organization uses Okta, please refer to our Okta-specific documentation here: Okta Setup
ModernLoop offers Single Sign-On (SSO) authentication, a convenient and secure feature that allows users to access ModernLoop effortlessly using your existing domain credentials—the same username and password used across your organization's tools. With this approach, there's no need for ModernLoop users to remember an additional set of login credentials, streamlining the authentication process.
We will work with you to build a custom connection in your SSO provider of choice!
Pricing
Single sign-on is an optional, paid add-on service.
If you're not currently utilizing single sign-on with ModernLoop but want to explore it further, contact your Account Executive or Customer Success Manager for additional information.
Creating a custom SAML configuration
If you are interested in using a custom SAML/SCIM protocol, please reach out to your Customer Success Manager for next steps. Your Customer Success Manager will work with your IT team to build a custom connection.
Start by creating a new Custom App in your Identity Provider. Then please provide your CSM with the Metadata URL (or Metadata XML) generated by your Identity Provider. From this URL we will be able to get the proper configuration data, such as your SSO URLs and signing certificates.
After receiving the Metadata URL, ModernLoop will configure the connection on our side and then provide an Entity ID and a Reply/ACS URL for your IT team to finalize the connection.
1. Entity ID - urn:auth0:modernloop:{{CONNECTION_NAME}}
2. Reply/ACS URL - https://auth.modernloop.io/login/callback?connection={{CONNECTION_NAME}}
Example
1. Entity ID - urn:auth0:modernloop:acme-company
2. Reply/ACS URL - https://auth.modernloop.io/login/callback?connection=acme-company
If not already configured, please set up these attributes to be passed to ModernLoop:
- email - The user's primary email address
- given_name - The user's first name or given name
- family_name - The user's last name or family name
Set up SCIM provisioning (optional)
All SAML SSO configurations support "Just In Time" (JIT) or manual provisioning. JIT provisioning allows ModernLoop to create and update users in ModernLoop.
- When creating a user, ModernLoop uses information from supported attributes in the SAML response from the identity provider.
- When updating a user in the identity provider, changes will apply when the user next logs in.
You can choose to enable automatic provisioning via SCIM. SCIM pushes changes immediately and allows you to import and deactivate users.
- Supported identity providers: you can enable provisioning via SCIM.
- Custom SAML configuration: you can set up SCIM with your chosen identity provider.
SCIM Attributes
The following properties, if passed by your SCIM provider, will be mapped directly to the ModernLoop SCIMUser object and stored in the ModernLoop database. The minimum required attributes are familyName, givenName, and emails.
- userName: mapped directly to 'userName' property coming from SCIM
- name: mapped directly to 'name' property coming from SCIM
- familyName*: The family name of the User, or last name in most Western languages (e.g., "Jensen" given the full name "Ms. Barbara Jane Jensen, III").
- givenName*: The given name of the User, or first name in most Western languages (e.g., "Barbara" given the full name "Ms. Barbara Jane Jensen, III").
- emails*: mapped directly to 'emails' multivalued property coming from SCIM
- displayName: mapped directly to 'displayName' property coming from SCIM
- locale: mapped directly to 'locale' property coming from SCIM
- active: mapped directly to 'active' property coming from SCIM. Denotes whether the user is active or inactive (true/false)
- modernloopRole: a custom property that maps to ModernLoop roles - INTERVIEWER/SCHEDULER/ADMIN