Why integrate?

Organizations grow and change daily. Your employees get married, change names, get new job titles, and update email addresses. New employees may be hired and current employees may leave. 


When these changes happen, administrators at your organization need to update these accounts in every system that they appear. For larger organizations it can be an administrative burden, especially if you have large number of employees.


If your organization has an identity provider (such as Active Directory), you can integrate with CollaborNation so you only need to update employee accounts in your directory service, then the changes will be reflected in CollaborNation.


By integrating, your employees won't need to enter or remember an email/password combination to log into CollaborNation. Once they log into their identity provider, they will automatically be logged into CollaborNation as well.


How?

CollaborNation offers single sign-on (SSO) via SAML 2.0


If you're interested in integrating, please contact us. We start with a discovery meeting to make sure integrating will work for your organization. We'll provide guidance and suggestions on ways that may work best.


We recommend speaking to your organization's IT team to determine their recommended approach to integrate within your organization. Each organization may handle their directory services differently, and your IT team will know best. We also strongly suggest to include them in the discovery meeting with us.


Once agreed upon, some details will need to be shared to establish the integration.


Connecting

To integrate, we will need the following fields provided to us:


FieldDescription
IdP Entity IDA globally unique name for an Identity or Service Provider.

For Active Directory, this is often, but not always http://[DOMAIN.COM]/adfs/services/trust
Single Sign On Service URLThe URL target of the IdP where the Service Provider will send the Authentication Request. If your IdP has multiple URL targets, the one that uses the HTTP Redirect Binding should be used here. ("SAML 2.0 Endpoint (HTTP)")

For Active Directory, this is often but not always: https://[DOMAIN.COM]/adfs/ls
X.509 CertificateA digital certificate that verifies that a public key belongs to the service identity contained within the certificate.

These fields can be found in FederationMetadata.xml. If you're able to, please provide this to our team.


Then we need the following attributes mapped, all case-sensitive:


AttributeDescription
EmailProvide the name of the field containing the email address of the employee.
First NameThe first name field can be named any of the following:
  • User.FirstName
  • FirstName
  • Firstname
  • First_Name
  • first_name
  • firstname
Last NameThe last name attribute can be named any of the following:
  • User.LastName
  • LastName
  • Lastname
  • Last_Name
  • last_name
  • lastname
IdentEach site in CollaborNation is given a unique ID by which to direct the accounts into the appropriate site. This is found in the site's URL: https://collabornation.net/login/IDENT

The Ident will be provided by us. Your organization will need to configure a SAML attribute that has the static text of the Ident. You will then need to provide that attribute's name.


We can then provide to you the metadata URL, which is:

https://collabornation.net/saml_login_providers/metadata/[unique-identifier]