This article will show you how to configure SAML for UserEcho application in Teamstack.
Once this is done, your users will be able to access UserEcho using Teamstack via SAML. Your users will use their Teamstack credentials when accessing UserEcho.
- UserEcho (SP) initiated Single Sign-On
- Teamstack (IdP) initiated Single Sign-On
- JIT (Just In Time) Provisioning
Set up SSO via SAML for UserEcho
To set up SSO you first need to add UserEcho app to Teamstack, assign it to yourself and then configure UserEcho SSO with the SAML metadata from Teamstack.
Step 1: Add UserEcho app to Teamstack
- Go to your Applications in Teamstack.
- Click "Add Application" in the top right corner.
- Search for "UserEcho" and click "Add".
- Select this app to be a "SAML" app and enter your UserEcho account name (If your URL is https://myCompany.userecho.com, enter myCompany). Leave the "Relay State" input empty.
- In Organization's Applications overview, click on the newly created UserEcho app. You will see all the details about this app.
- Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for UserEcho.
- Click on the "SAML Configurations" tab. Keep this page open, you will need these values once you configure the SAML settings in UserEcho.
Step 2: Set up SAML in UserEcho
When you enable SSO in UserEcho, users that do not yet exist in UserEcho but exist in Teamstack, will be automatically created in UserEcho when they log in to UserEcho for the first time (Just In Time Provisioning) . By default, new users will not have any group assigned.
- Log in to UserEcho with your administrator account.
- Go to SAML settings page using this link https://yourCompany.userecho.com/settings/features/saml2/ (replace yourCompany by your Company name).
- Copy "Sign-in Page URL" from the step 1.7 above and paste to "SAML SSO URL".
- Leave "SLO logout URL" blank.
- Copy "Identity Provider Certificate" from the step 1.7 above and paste to "X.509 Certificate".
- Click "Save".
Change login settings (optional):
You can change the login settings so that it's only possible to log in via SAML. For that go to "Settings" -> "Login settings", change the "Login type" to "SAML redirect" and click on "Save".
You can now test the login from Teamstack to UserEcho. You need to have UserEcho assigned to yourself in Teamstack (the step 1.6 above). To test the connection, do the following:
- Open a new incognito window
- Log into Teamstack
- Click on the UserEcho app on your dashboard
- You will be redirected to UserEcho and will be logged in without the need to enter a password at UserEcho.