SAML Integration
If you centrally manage your users’ identities and service access with an identity provider (IdP), you can configure Security Assertion Markup Language (SAML) single sign-on (SSO) to protect your organization’s access on Gamesight.
SAML SSO gives organizations a centralized way to control and secure access to resources on Gamesight, like games, trackers, and reporting data, from their existing identity provider (IdP). Using a centralized IdP provides multiple benefits as you roll out Gamesight within your organization:
- Centralized provisioning/deprovisioning of users allows you to have centralized access management across your entire org
- You can enforce existing security policies and rules at the IdP level
- Ease of use for your whole organization since members won't need to manage and remember their Gamesight credentials
SAML single sign-on is available on Gamesight as an add-on service. Please contact us to enable SAML single sign-on and SCIM for your organization.
After you configure SAML SSO, members of your organization will log in to Gamesight through your identity provider, rather than using Gamesight's built-in auth. If a member tries to log in to Gamesight through the Gamesight login page, they will be redirected to your IdP to authenticate. After successful authentication, your IdP redirects the member back to Gamesight, where they can access your organization’s resources within their role.
Gamesight provides "just in time" account provisioning for SAML integrations. This means that accounts will be provisioned (or updated) during the IdP auth flow. This is an important distinction, since any changes that you make to access or roles will not take effect until the user re-authenticates. If you would like real-time account provisioning, deprovisioning, and updates, take a look at our SCIM Account Provisioning integration.
Members must periodically authenticate with your IdP to gain access to your organization’s resources. By default, Gamesight issues a 24-hour session token and a 7-day refresh token. As long as members continue using the application regularly, their session will remain active without needing to re-authenticate with your IdP. You can use SCIM to proactively deprovision a user’s access.
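The effect of these token lifetimes on IdP-side deprovisioning can be modelled as below. This is an added example, not Gamesight code: it assumes that each use of a valid refresh token issues a new session token and a new refresh token, and the function name and timeline are constructed for illustration.

```python
from datetime import datetime, timedelta

SESSION_TTL = timedelta(hours=24)  # session token lifetime stated on this page
REFRESH_TTL = timedelta(days=7)    # refresh token lifetime stated on this page


def access_end(login, activity, idp_removed, scim=False):
    """Return the last instant at which the member can still reach Gamesight.

    Assumed model (not confirmed by Gamesight): using a valid refresh token
    silently issues a fresh session token and a fresh refresh token.
    Assumes idp_removed is not earlier than login.
    """
    if scim:
        # Per the page: with SCIM, deprovisioned users lose access immediately.
        return idp_removed
    session_exp = login + SESSION_TTL
    refresh_exp = login + REFRESH_TTL
    for t in sorted(activity):
        if t < session_exp:
            continue  # session token still valid, nothing is renewed
        if t < refresh_exp or t < idp_removed:
            # Either a silent refresh (the IdP is not consulted) or a fresh
            # SAML login that the IdP still allows: new tokens are issued.
            session_exp, refresh_exp = t + SESSION_TTL, t + REFRESH_TTL
        else:
            break  # both tokens expired and the IdP now refuses the login
    # Until removal the member can always log in again through the IdP.
    return max(refresh_exp, idp_removed)


# Constructed timeline: login on 1 Jan, removed at the IdP on 3 Jan,
# member keeps using the application once a day until 20 Jan.
LOGIN = datetime(2024, 1, 1, 9)
REMOVED = datetime(2024, 1, 3, 9)
DAILY = [datetime(2024, 1, day, 10) for day in range(2, 21)]

if __name__ == "__main__":
    for scim in (False, True):
        end = access_end(LOGIN, DAILY, REMOVED, scim=scim)
        print(f"SCIM={scim}: access ends {end}, "
              f"{end - REMOVED} after IdP removal")
```

Under this model, an active member removed only at the IdP keeps access for as long as they keep refreshing, which is the gap SCIM deprovisioning closes.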
Supported SAML Providers
We offer limited support for all identity providers that implement the SAML 2.0 standard. We officially support these identity providers that have been internally tested:
Some IdPs support provisioning access to a Gamesight organization via SCIM. For more information, see SCIM Account Provisioning.
Managing Users with SAML
After SAML SSO has been enabled for your organization, you can provision/deprovision access to your organization on Gamesight through your IdP. You will continue to be able to use Gamesight's built-in user management system to manage external users such as agencies or consultants.
If your IdP supports SCIM, Gamesight can automatically create members in your organization when you grant access on your IdP. If you remove a member's access or update their roles on your IdP, the changes will automatically be reflected in Gamesight. For more information, see SCIM Account Provisioning.
If your IdP does not support SCIM, then your IdP will be used for authentication but not for authorization to specific roles. You will continue to manage user roles and permissions through Gamesight's user management system.
Gamesight does not support SAML Single Logout. To terminate an active SAML session, users should log out using the “Logout” option in Gamesight’s user menu. Additionally, if using SCIM, deprovisioned users will have their access revoked immediately.
Updated about 4 years ago