Single Sign-On

Overview The CamoAg platform supports SAML as a well-known authentication single sign-on protocol. Customer to CamoAg We require the following information from a customer to enable SAML single sign-on:

SAML Metadata XML
Email domains governed by organization SSO (e.g. @camo.ag)

Customer Configuration Once this is sent to CamoAg, the customer would need to setup the following SAML app in their authentication provider, where “<custom-code>” would be replaced by your white-label sub-domain (e.g. acme.camo.ag would use acme). CamoAg

Entity ID: https://app.camo.ag/sp
ACS URL: https://app.camo.ag/api/auth/saml/acs/<custom-code>

Example Acme config:

Entity ID: https://app.camo.ag/sp
ACS URL: https://app.camo.ag/api/auth/saml/acs/acme

SAML Attribute mapping CamoAg requires the first name and last name of single sign-on users, which may need to be configured within the Customer’s SAML app. Customers should make sure these attributes are configured to be provided. CamoAg supports Microsoft Active Directory attributes and the following standard attribute name conventions for the following:

First Name - Required (“first_name”, “first name”, “givenName”)
Last Name - Required (“last_name”, “last name”, “surname”)
Department - Optional (“department”)
- If provided, used for SSO read-only user groups for engagement analytics segmentation, and permission granularity for features and reporting
Supervisor - Optional (“supervisor”)
Title - Optional (“title”, “jobTitle”)