If you use an Identity Provider (IDP) that supports the SAML protocol (like Okta, PingIdentity, G-Suite etc...), you can configure Attendease to use your IDP to allow attendees to login to your Event websites and Organization portals.
Custom Authentication is configured at the root Organization in your Organization/Business Unit/sub-Business Unit hierarchy. Only Owners of the root Organization can adjust the configuration as follows:
Configure your Custom Authentication's SAML settings
Under Organization -> Authentications, click the "Configure" button adjacent to the Custom Authentication option.
Fill in all the SAML settings provided by your IDP:
Target URL: This is the URL that attendees are redirected to in order to login with your IDP.
Issuer URL (or Entity ID): This will vary by organization, is often a URL, but can also be any text.
Logout URL: This URL is the one Attendease will use to log your attendees out of the IDP. (note: the URL to return the attendee to after logout is passed as a parameter to your Logout URL as referrer and RelayState. It is up to your provider to redirect the user back to Attendease based on the value of these parameters).
Certificate Fingerprint: Enter the 40-character SHA1 Fingerprint that is derived from your IDP's SAML certificate.
Setup a new SAML configuration for Attendease with your Provider
In your Identity Provider's web portal, there is a place to add a new SAML application. Consult the appropriate documentation, and add an application specifically for Attendease.
You will be asked to provide a few pieces of information:
Callback URL or ACS (Assertion Consumer Service) URL: You can find your specific callback URL on the configuration screen for your Organization. It will be in the following format: https://<subdomain>.attendease.org/api/authenticate/custom/callback.
Entity ID: Use the same Callback/ACS URL (above) as the Entity ID. It will be in the following format: https://<subdomain>.attendease.org/api/authenticate/custom/callback.
Start URL: You can enter the URL of your Organization portal here, or simply enter https://<subdomain>.attendease.org/, where subdomain is the same as the one for the ACS URL (e.g. https://yourcompany.attendease.org/)
Name ID: This represents the field on the IDP's end that will be used to uniquely identify the user in Attendease. You should see an option here for "Email", "Name", "UID" etc... Please select "Email" or "Primary Email" as the Name ID.
Setup your SAML attribute mapping
Attendease also requires that your IDP send over the user's first name and last name once they are authenticated. As such, please configure the following attributes:
(Note: the attribute spelling must match exactly what you see here)
first_name
the user's first name
last_name
the user's last name
email
the user's email address (Note: setting the email attribute is optional, unless the Name ID cannot be set to use the user's Primary Email address, in which case the attribute mapping for email is required)
Configure the messaging in the login modal for your Custom Authentication
You can configure the messaging displayed to attendees surrounding the login modal for custom authentication, including the Title, Button Text and any Instructions.
Configure which of your business units and/or sub-business units have access to Custom Authentication
Once you are done the configuration, you can use the toggles under "Business Units" to determine which business units' events can make use of the Custom Authentication. You can also configure if Custom Authentication is mandatory, or if it on by default for events in a particular business unit.
On the event creation screen, your event managers will see a section called "Authentications" where all the authentication options are available via checkboxes. If the authentication method is mandatory, then it will appear as a checked checkbox that cannot be unchecked.
Note: In order to configure Custom Authentication, your Organization needs to be on an Attendease plan that includes this feature. Please contact us if you don't see the Custom Authentication option in your Organization dashboard.