SAML SSO Integration
- Anastasiya Selivanava
- Anastasiya Dashuk
ServiceChannel offers a full-featured single sign-on (SSO) system to improve the security of your team’s access to ServiceChannel while making it easier for them to gain access. Users can take advantage of SSO when logging in to ServiceChannel web and mobile apps or through their organization’s web app.
ServiceChannel supports SAML SSO — an enterprise solution for single sign-on based on SAML 2.0 and supported by all major third-party vendors and tools such as ADFS, Azure AD, SiteMinder, Okta, and Ping One/Federate/Identity.
In general, SAML SSO is a system-level integration whose parameters are discussed ahead of time and passed in XML-based SAML tokens between the Identity Provider (IdP) and the Service Provider (SP). Each login attempt initiates an exchange of SAML tokens carrying user assertions between the IdP and SP entities. The assertions must be signed, include a public certificate key, and have a structure that complies with the SAML 2.0 standard. ServiceChannel validates the received token and, if the token passes validation under strict security protocols, logs the end user in to the appropriate area of the ServiceChannel platform.
End users can be provisioned beforehand or created on the fly if the required attributes are provided in the passed assertions.
SAML SSO allows your users to authenticate within your organization’s Active Directory with inherited parameters for easy provisioning in ServiceChannel. This lets you effectively manage user accounts on your end and have full control over them without worrying that someone may have access to any sensitive data.
ServiceChannel supports two types of SAML SSO: Identity Provider initiated SSO and Service Provider initiated SSO. ServiceChannel always acts as a Service Provider, while your company uses a third-party tool to serve as an Identity Provider.
- IdP-initiated SSO allows a user who is already signed in to your corporate system to navigate to ServiceChannel via an IdP link on your organization’s site without the need to enter their ServiceChannel credentials. Thus, your team can access the ServiceChannel system without having to sign in with their ServiceChannel user ID.
- SP-initiated SSO enables end users to start logging in to ServiceChannel and then get redirected to their organization’s corporate system for authentication. Successfully authenticated users are redirected back to the ServiceChannel site as authorized users without the need to enter their credentials.
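The sketch below is an added example, not ServiceChannel's code: it shows the kind of structural pre-checks a SAML 2.0 Service Provider can run on a Response for both login flows before handing it to an XML-DSig library for cryptographic signature verification, which it does not replace. The entity ID, the required attribute names, and the sample message are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "https://sp.example/saml"   # constructed placeholder
JIT_ATTRS = {"email", "firstName"}         # hypothetical attribute names

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def precheck(xml_text, now, request_id=None, user_known=False):
    """Return structural problems found before signature verification.
    request_id: ID of the pending AuthnRequest (SP-initiated), None if IdP-initiated."""
    resp = ET.fromstring(xml_text)  # use a hardened parser (e.g. defusedxml) in production
    found = resp.findall("a:Assertion", NS)
    if len(found) != 1:             # extra assertions are a signature-wrapping warning sign
        return ["expected exactly one Assertion"]
    asr, problems = found[0], []
    if asr.find("ds:Signature//ds:X509Certificate", NS) is None:
        problems.append("assertion has no signature with an X509Certificate")
    # SP-initiated: must echo the request ID. IdP-initiated: must not carry one.
    if resp.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the login flow")
    cond = asr.find("a:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        problems.append("assertion is outside its validity window")
    auds = [e.text for e in asr.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    if SP_ENTITY_ID not in auds:
        problems.append("assertion is not addressed to this SP")
    names = {e.get("Name") for e in asr.findall("a:AttributeStatement/a:Attribute", NS)}
    missing = JIT_ATTRS - names
    if missing and not user_known:  # attributes only matter when creating the user on the fly
        problems.append("missing provisioning attributes: " + ", ".join(sorted(missing)))
    return problems

def sample(in_response_to=None, signed=True, attrs=("email", "firstName")):
    """Constructed Response; the certificate value is a dummy, not real key material."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    sig = ('<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>AAAA'
           '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>') if signed else ""
    at = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}"{irt}>'
            f'<a:Assertion>{sig}<a:Conditions NotBefore="2024-01-01T12:00:00Z" '
            f'NotOnOrAfter="2024-01-01T12:05:00Z"><a:AudienceRestriction>'
            f'<a:Audience>{SP_ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{at}</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list means the message is well-formed enough to proceed to signature verification against the certificate agreed with the IdP during setup, not that the user is authenticated.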
To use SAML SSO, speak with ServiceChannel and your internal IT team.