SSO in Snappy

Single Sign-on allows you to centrally manage access to your enterprise applications, making it easier for users and more secure for the organization. The Snappy Dashboard supports single sign-on (SSO) for a variety of identity providers (IdP) through SAML. When you enable SSO, users aren't prompted to enter a password when they try to access Snappy, instead they are redirected to an external identity provider to authenticate.

To use SSO, a user must have a user account in Snappy and a corresponding identity in the external IdP.

Single sign-on process

Snappy supports Security Assertion Markup Language (SAML) 2.0 for single sign-on. SAML is an open standard for exchanging authentication and authorization data between a SAML IdP and SAML service providers. This means that we can support any IdP that supports this protocol (all modern providers).

To complete a SSO configuration for the Snappy Dashboard, you need to complete the following steps:

Create a SSO SAML 2.0 application in your IdP. This step usually varies between various IdPs and is usually done by the IT team.
Configure the SSO on the Snappy Dashboard (Owner’s credentials are required)
Invite users to the Dashboard
Login with SSO

Step 1) Create a SSO SAML Application

Configure your Identity Provider using the following information
1. Single Sign On URL: https://auth.snappygifts.com/saml2/idpresponse
2. SP Entity ID: urn:amazon:cognito:sp:us-east-1_Nx4rC8vmS
Configure SAML response***
1. Configure your Identity Provider to send the required user information:
  1. The <NameID> element must be provided within the <Subject>
  2. The <NameID> must be formatted as an email address
2. The SAML response must include the following attributes:
Extract the Issuer URL
- This will be used in the SSO configurations on the Dashboard
Add the redirect url
- https://login.snappy.com/login/SSO?ssoName=<your_sso_name>
- <Your_SSO_Name> must be unique for the organization and will be used in the Snappy configurations on the Dashboard
Add users assignments to the new application
- Note: only users that also have access to the Snappy dashboard will be able to complete a successful SSO login

***

Attribute name	Description
email	This attribute will tell Snappy how to populate the email address in the profile of the authenticated user
firstName	This attribute will tell Snappy how to populate the first name in the profile of the authenticated user
lastName	This attribute will tell Snappy how to populate the last name in the profile of the authenticated user

For example:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress → user.email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname → user.firstName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname → user.lastName

If you are using one of the following IdPs, you can check our step-by-step guides below:

Step 2) Configure SSO on Snappy Dashboard

Go to Company settings menu (at the top right-hand corner)
- Note: Company Owner credentials are required to access the company settings
Go to the SSO tab
- If this does not appear in the settings contact support
Configure the SSO values
- SSO name: use the same name from the redirect url parameter you defined on the previous step
- Domains: add one or multiple of your organization domains, e.g. xyz.com
- Issuer URI: add the issuer URI you extracted at the previous step
Enforce SSO: if you would like to enforce SSO in your organization, so users can only login via SSO and not user/password, please contact support.

Go to the SSO tab
- If this does not appear in the settings contact support
Configure the SSO values
- SSO name: use the same name from the redirect url parameter you defined on the previous step
- Domains: add one or multiple of your organization domains, e.g. xyz.com
- Issuer URI: add the issuer URI you extracted at the previous step
Enforce SSO: if you would like to enforce SSO in your organization, so users can only login via SSO and not user/password, please contact support at help@snappy.com

Step 3) Invite Users to the Dashboard

Make sure that each user that you assigned to the SSO application on your organization’s IdP has also signed up to the Snappy Dashboard.

You can invite new users via the following steps:

Go to users (under your user name)

Click the Invite user button

Fill the relevant information

A message will be sent to the specific user to sign up to the Snappy Dashboard. Once they complete the signup process they will be able to login via SSO

Step 4) Login with SSO

Directly from the application you configured in your organization’s IdP
For example, using the configured “SSO demo app” created in Okta:

2. Via the Dashboard login page

Click the “continue with SSO” on the login page

Enter <your_sso_name> configured in previous steps

User Guide for Updating Snappy Authentication Provider

Configure SSO with SAML on Okta

Configure SSO with SAML on OneLogin

Configure SSO with SAML on Microsoft Azure

Configure SSO with SAML on Google