Skip to main content

Platform SSO SAML Connection Process

This basic guide describes how to configure and use SAML with uStudio Platform. Below are items for your IT and business teams as well as items for uStudio. Please review and complete everything on the checklist below.

Check List

  • Send the following outgoing attributes: given_name, family_name, and email.
    • If your IdP offers one, providing uStudio a sample SAML assertion can aid in debugging issues.
  • Provide an Identity Provider Metadata XML file or a public URL to the metadata file.
    • If an Identity Provider Metadata XML file is not available, send uStudio your:
      • Single Sign-on Service URL.
      • Single Logout Service URL.
      • X509 Signing Certificate in .pem or .cer format.
  • Add uStudio settings as needed to your SAML set up.
  • Onboard or migrate admins.

uStudio SAML Settings

  • Our SAML service provider will be identified by a single URL, which will be used for all SP URLs and as the SP Entity ID/Audience URI.
    • Example: https://login.ustudio.com/auth/realms/platform-users/broker/IDP-ALIAS/endpoint
  • Once uStudio has configured its end, an SP SSO Descriptor will be available at a public URL.
    • Example: https://login.ustudio.com/auth/realms/platform-users/broker/IDP-ALIAS/endpoint/descriptor
  • Our SAML SP expects a Subject NameID element in the SAML assertion to uniquely identify the user.
  • Sign Request Algorithm: RSA-SHA256
  • Sign Request Digest: SHA256
  • Outgoing Attributes:
    Outgoing Attribute Attribute Requirement
    given_name First Name Required
    family_name Last Name Required
    email Email Required
  • Note: All SAML attributes should be constant to avoid duplicate account entries that cause login failure.

uStudio Admin Application

HUB: https://app.ustudio.com/api/v2/login?client_id=a2da148f333345d7855ee02dfe72e2d7&idp=IDP-ALIAS

PMC: https://podcast-admin.ustudio.com/login?idp=IDP-ALIAS

Onboarding Admins

  1. Assign admins from iDP to uStudio Platform application.
  2. Let the super admin or account owner login.
  3. Let the super admin or account owner alert uStudio Support of sign-in.
  4. After uStudio Support confirms sign-in, let super admin or account owner login in again to confirm access to the HUB or PMC.
  5. Let super admin or account owner invite other admins via HUB by following this guide.
  6. Let other admins accept invitations from notifications@ustudio.com.

Migrating Existing Admins

Our SAML connections expect unique emails per tenant; therefore, if you have existing admins, they will need to change their email addresses from jane.doe@email.com to jane.doe+nonsso@email.com in order to use jane.doe@email.com for SSO.

  1. Login HUB at https://app.ustudio.com.
  2. At the top-right, click your name, then click Settings.
  3. Change Email Address from yourname@email.com to yourname+nonsso@email.com.
  4. Click Save Settings.
Facebook Twitter LinkedIn
Where Media Goes to Work ™
©2020 uStudio, Inc.
Privacy Security
Home About Press Patents Contact Blog Community Careers