Here is a basic guide on configuring SAML 2.0 and SCIM 2.0 with uStudio Podcast. Below are items for your IT team as well as items for uStudio. Please review and complete everything on the checklist below.
Near the bottom, we offer guides on how to set up single sign-on (SSO) with specific identity providers (iDPs).
Checklist:
- Add uStudio settings as needed to your SAML setup.
- Send the following outgoing attributes: user_id, given_name, family_name, email, and/or groupName.
- Send uStudio your Sign-on URL and X509 Signing Certificate in .pem or .cer format. Alternatively, you can send a federation file in .xml format.
- Let us know if your company uses a VPN to sign in.
uStudio SAML Settings:
Note: companycode is provided by uStudio. If you do not have a companycode, please reach out to your uStudio representative or support@ustudio.com.
- Audience Restriction URN: urn:auth0:ustudioinc:prod-companycode-podcast-sso
- Assertion Consumer Service URL: https://ustudioinc.auth0.com/login/callback?connection=prod-companycode-podcast-sso
- Certificates (public key) used for Signing and Encrypted Assertions in your iDP:
  - CER: https://ustudioinc.auth0.com/cer
  - PEM: https://ustudioinc.auth0.com/pem
  - PKCS#7: https://ustudioinc.auth0.com/pb7
- Endpoint: https://ustudioinc.auth0.com/login/callback
- Entity ID: urn:auth0:ustudioinc:prod-companycode-podcast-sso
- Logout: https://ustudioinc.auth0.com/logout
- Outgoing Attributes:
Outgoing Attribute | Attribute | Requirement |
---|---|---|
user_id | Unique ID or Email | Required |
given_name | First Name | Optional |
family_name | Last Name | Optional |
email | | Optional |
groupName | Multi-value Unique Names or IDs | Optional |
Note: All SAML attributes should remain constant to avoid duplicate account entries that cause login failure. The SAML attributes given_name, family_name, and email are displayed in the Podcast Management Console for the analytic Dashboard. If these attributes are not configured, those fields will be blank.
- Protocol Binding: HTTP-Redirect or HTTP-Post
- uStudio Metadata: https://ustudioinc.auth0.com/samlp/metadata?connection=prod-companycode-podcast-sso
  - Note: The link above will not work until uStudio has connected and confirmed your certificate and sign-on URL.
- Realm Identifier: urn:auth0:ustudioinc
- Sign Request Algorithm: RSA-SHA256
- Sign Request Digest: SHA256
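A pre-flight check for the settings above, as an added example (not uStudio's or Auth0's code): it parses a decoded assertion captured from your own iDP and compares the Audience, Recipient, and outgoing attributes against this guide. The companycode `acme`, the sample assertion, and the rule that the Recipient may or may not carry the connection query string are assumptions; the script does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENDPOINT = "https://ustudioinc.auth0.com/login/callback"  # "Endpoint" from this guide
OPTIONAL = ("given_name", "family_name", "email", "groupName")

def check_assertion(xml_text, companycode):
    """Diagnostic only: compares fields with the guide; does NOT verify the signature.
    Returns (errors, warnings) for a decoded SAML assertion from your own iDP."""
    audience = f"urn:auth0:ustudioinc:prod-{companycode}-podcast-sso"
    root = ET.fromstring(xml_text)
    errors, warnings = [], []
    found = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in found:
        errors.append(f"Audience {found} lacks {audience}")
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        recipient = scd.get("Recipient", "")
        # Assumption: the connection query string may or may not be present.
        if recipient.split("?", 1)[0] != ENDPOINT:
            errors.append(f"Recipient {recipient!r} is not {ENDPOINT}")
    attrs = {}  # attribute name -> list of non-empty values
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    if not attrs.get("user_id"):
        errors.append("user_id is required but missing or empty")
    for name in OPTIONAL:  # optional, but unsent values leave console fields blank
        if not attrs.get(name):
            warnings.append(f"{name} not sent")
    return errors, warnings

# Constructed sample: companycode "acme" is a placeholder, all values are invented.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://ustudioinc.auth0.com/login/callback?connection=prod-acme-podcast-sso"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>urn:auth0:ustudioinc:prod-acme-podcast</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="user_id"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="groupName"><saml:AttributeValue>sales</saml:AttributeValue><saml:AttributeValue>emea</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "acme"))
```

The constructed sample deliberately truncates the Audience (no `-sso` suffix) and omits given_name and family_name, so it yields one error and two warnings.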
uStudio SCIM Settings:
Prerequisite: Please contact support@ustudio.com to establish a service account and to receive your SCIM API TOKEN, ACCOUNT-UID, and CONNECTION-UID.
Base Route
Some iDPs allow you to configure SCIM 2.0. Place this base route along with the Bearer TOKEN in the Authorization Header where applicable. We also have a SCIM API that you may use separately.
https://named-users.ustudio.com/api/v1/accounts/ACCOUNT-UID/connections/CONNECTION-UID
uStudio iDP Specific SSO Guides:
- ADFS SSO Configuration (SAML 2.0)
- Microsoft Azure SSO Configuration (SAML 2.0, SCIM 2.0)
- Okta SSO Configuration (SAML 2.0)
- Okta SSO Configuration (SCIM 2.0)
- Okta SSO App Configuration (SAML 2.0, SCIM 2.0)
- OneLogin SSO Configuration (SAML 2.0)
- OneLogin SSO App Configuration (SAML 2.0, SCIM 2.0)
- Salesforce SSO Configuration (SAML 2.0)
uStudio Enterprise Podcast applications:
Download the uStudio Enterprise Podcast mobile application from Google Play or Apple Store.
Access the uStudio Enterprise Podcast web application at https://podcast-web.ustudio.com/ or https://podcast-web.ustudio.com/COMPANYCODE
Smart Link: https://COMPANYCODE.podcast-links.ustudio.com will route your users to our web application or mobile application. We only support Service Provider initiated requests.
Note: You can create an application icon/bookmark that routes to these links.
Test with uStudio:
Log into the mobile or web application, then notify your uStudio Support Agent or support@ustudio.com to verify your SSO connection.