This article explains how to set up your SAML 2 Identity Provider to authenticate your users to Digital Theatre+
Digital Theatre+ supports Single Sign On using a SAML 2 Identity Provider, allowing your users to sign in using your existing Identity solution.
We have created some guides for popular Identity solutions, you can find links to these towards the bottom of this article.
Please use the form at https://sso.digitaltheatreplus.com when you're ready to submit your Single Sign-On configuration request.
Step 1 - Configure a new SAML application in your identity solution
You will need set up a new SAML 2 application in your Identity solution.
- The Audience URI for your application will be: https://auth.digitaltheatreplus.com
Your application will need to be configured to assert the following information:
- Subject Name ID
- Email address (if different from Subject Name ID)
By default our service provider requires the following attributes, so if your Identity Provider has a different configuration, please let our support team know via firstname.lastname@example.org.
I need the ACS URL and Audience URI first!
Some Identity Solutions requires the metadata (the Assertion Consumer Service URL (ACS URL) and Audience URI) in order to set-up the SAML application.
If this is the case, or you require the metadata.xml file for importing, please let our support team know via email@example.com, and they will provide this information to you.
Step 2 - Provide configuration information to Digital Theatre+
You will need to provide the following information:
- Issuer URI of the Identity Provider. This value is usually the SAML Metadata EntityID of the IdP EntityDescriptor.
- IdP Single Sign-On URL. The binding-specific IdP Authentication Request Protocol endpoint that receives SAML AuthnRequest messages.
- IdP Signature Certificate. The PEM or DER encoded public key certificate of the Identity Provider used to verify SAML message and assertion signatures.
- Email domain(s). The email domains which users who authenticate via your Identity Provider will use.
- Any changes required to the default attribute mapping.
Send this information to our support team via firstname.lastname@example.org.
Step 3 - Digital Theatre+ provide metadata information
You will need to update your SAML application configuration with the following information which will be supplied by our support team:
- Assertion Consumer Service URL: https://auth.digitaltheatreplus.com/sso/saml2/<unique-id-per-customer>
- Audience URI: https://auth.digitaltheatreplus.com
Step 4 - Test that you can sign in using your new SAML 2 application configuration
- Go to https://edu.digitaltheatreplus.com
- Click 'Sign in'
- Enter your email address
- Click 'Next'
- You will be redirected to your Single Sign On Identity Provider
- Enter your credentials and authenticate
- You will be redirected to https://edu.digitaltheatreplus.com and will be signed in
Creating a SAML Deeplink or WAYfless URL
Please refer to our "Signing in with SAML 2 SSO" guide for information on creating a SAML Deeplink or WAYFless URL.
Set up guides for Identity solutions