Using Single Sign-On (SSO) with Streams

Single Sign-On, or SSO, is an authentication process that allows people to log in to multiple independent applications with a single set of credentials. SSO is valuable for its enhanced security and elevated experience. In this article, we'll explain how to use SSO with Streams using Security Assertion Markup Language (SAML) 2.0 and OpenID Connect (OIDC).

Using SAML 2.0

Step 1: First, you'll configure a SAML integration with help from your IT department.

Settings

Single Sign-On URL: https://brandlive-prod.auth.us-west-2.amazoncognito.com/saml2/idpresponse

Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-west-2_BeWJwgsXO

Attribute Statements: These values will depend on your SSO configuration. Note them down, as you will need to enter them in the Streams platform.

  • Email (required)

  • First Name (optional)

  • Last Name (optional)


Step 2: Link your Streams channel to your SAML integration.

First, log in to Streams admin.

Then, navigate to the gear icon in the lower left corner and select Integrations from the flyout panel.

Finally, find the SAML integration card and click configure.

Step 3: Configure SAML for your channel

  • XML URL: The metadata XML URL for the SAML integration created in Step 1. This should be auto-generated when you create the integration.
  • Login Button Text: The text you would like displayed on your Login Button.
  • Attribute Mapping: This should match the attribute mappings created in Step 1.
  • Upload Image (optional): The image displayed on the Login Button.

Once the SAML configuration is complete and turned on, you will be able to add it to any of your events in the registration settings.
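Before turning the integration on, it helps to confirm that a test response from your IdP actually carries the values from Step 1. The following is an added example, not Brandlive's or Cognito's code: it checks a decoded SAML response for the Recipient, Audience and required email attribute. The attribute names and the sample response are constructed assumptions, and the check does not validate the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the Settings section of this article.
ACS_URL = "https://brandlive-prod.auth.us-west-2.amazoncognito.com/saml2/idpresponse"
SP_ENTITY_ID = "urn:amazon:cognito:sp:us-west-2_BeWJwgsXO"

# Constructed sample (not a real IdP response); attribute names are assumptions.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, email_attr="email"):
    """Return a list of configuration problems in a decoded SAML response.
    ElementTree is acceptable for a response you captured yourself; it is not hardened for untrusted XML."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient does not match the Single Sign-On URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not match the SP Entity ID")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    if not attrs.get(email_attr):
        problems.append(f"required attribute '{email_attr}' is missing or empty")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "configuration looks consistent")
```

Pass `email_attr` the attribute name you noted in Step 1, since it must match the Attribute Mapping entered in Step 3.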

Using OIDC

Step 1: Configure an OIDC integration with help from your IT department.

Settings

  • Application Type: Web
  • Grant Type: Authorization Code
  • Sign-in Redirect URI: https://brandlive-prod.auth.us-west-2.amazoncognito.com/oauth2/idpresponse (This can be added to the list if you already have an OIDC integration.)

Please note the following information from your OIDC integration:

  • OIDC Issuer (URL)

  • Client ID

  • Client Secret

  • Attribute Names

Step 2: Link your Streams channel to your OIDC integration.

First, log in to Streams admin.

Then, navigate to the gear icon in the lower left corner and select Integrations from the flyout panel.

Finally, find the OIDC integration card and click configure.

Step 3: Configure OIDC for your channel.

  • OIDC Issuer: The value noted in Step 1.
  • Client ID: The value noted in Step 1.
  • Client Secret: The value noted in Step 1.
  • Login Button Text: The text you would like displayed on your Login Button.
  • Attribute Mapping: Email (required), First Name (optional), Last Name (optional). These values will depend on your OIDC service. Please contact your IT department for the proper values.
  • Upload Image (optional): The image displayed on the Login Button.

Once the OIDC configuration is complete and turned on, you will be able to add it to any of your events in the registration settings.