Squadcast SAML Single Sign-On (SSO) integration

This topic contains procedures to configure Squadcast for Single Sign-On (SSO) in CyberArk Identity using SAML.

SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time (JIT) provisioning

Before you begin

Make sure you have access to an administrator account in squadcast.com.

Configure the Squadcast app template in the Identity Administration portal

Step 1: Add the Squadcast web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. Go to the Trust settings.

  1. In the Identity Provider Configuration section, select Metadata, then copy and save the values from the following fields: IdP Entity ID, Signing certificate, and SAML 2.0 Endpoint URL.

    This information is used later when you configure the SAML integration in Squadcast.

    IdP configuration required fields

  2. In the Service Provider Configuration section, select Manual Configuration. See Configure Squadcast for SAML SSO to copy the Squadcast ACS URL, then paste it into the Assertion Consumer Service (ACS) URL field in CyberArk Identity. Click Save after you finish.

Step 3: Configure the SAML response

  1. Verify the following attributes with the Squadcast attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    SAML response attributes
    Attribute Name Attribute Value

    Email

    LoginUser.Email
    Firstname

    LoginUser.Firstname

    Lastname

    LoginUser.Lastname

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure permissions to grant Squadcast users SSO access

Grant SSO access to Squadcast by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 5: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Squadcast for SAML SSO

Perform these steps in Squadcast to configure the Squadcast app template for SSO.

  1. Sign in to app.squadcast.com, go to Settings > Extensions, and click Integrate.

  2. Select the Custom SAML 2.0 tab and click Show configuration guide for Custom SAML 2.0.

  3. Copy the ACS URL and paste it into its corresponding field in the Service Provider Configuration section in the Identity Administration portal.

  4. Take the SAML 2.0 Endpoint URL and Signing certificate values you copied from the Identity Provider Configuration section and paste them into the relevant fields in the Squadcast application.

  1. Configure other options as needed, then click Save.

Test the Squadcast SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Squadcast, Squadcast users can benefit from IdP- and SP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk Identity with the user account you just added.

  2. Click the Squadcast application tile to launch Squadcast in a new tab and automatically sign in.

To test SP-initiated SSO:

  1. Go to your Squadcast account sign-in page.

  2. Enter sign-in credentials for the user account you just added.

    You are redirected to the IdP for authentication. After successful authentication, you are redirected back to the Squadcast web interface.

Additional information

See the Squadcast documentation for additional resources:

SAML 2.0 based SSO