Single Sign-On is an authentication process that allows users to sign into KUDO with their company credentials.
KUDO SSO is based on SAML 2.0 and works with the following IDPs: OneLogin, Azure, Okta, CAS.
- Currently, our EU and COM platforms are not linked. An SSO configuration applied to one of them is not applied to the other server.
- The user role will be automatically provisioned when a user gets invited to a session. By default, the user role is a participant, unless we receive another parameter from the SAML response.
- KUDO acts as the Service Provider (SP) and offers automatic user provisioning. You do not need to register as a user on KUDO. Once KUDO receives a SAML response from the Identity Provider (IdP), KUDO checks if this user exists. If the user does not exist, KUDO creates a user account automatically with the received name ID, using the default role, participant, if we do not receive another role parameter from the SAML response.
1. We will need to know:
- Your Client Account email;
- Your Organization name;
- Identity Provider (IDP);
2. Once we set up the Organization for you in KUDO, we will provide you with:
- ACS URL (Consumer URL);
- Login URL;
- Single Logout URL;
- EntityID/Audience (the name of the SAML 2.0 connector, i.e. kudo-sso);
3. Identity Provider (IDP)
- Log in to your IDP with Admin rights;
- Add a SAML connector;
- Add the info we provided you in step 2;
- Create and map the custom parameters/fields below:
  - first_name to First Name;
  - last_name to Last Name;
  - role to Role (the user role; we currently have 4 roles: participant, interpreter, operator, viewer);
    - if no role is assigned in the IDP, KUDO assigns the participant role by default;
    - once a user is invited to a session with another role, that role is associated with the user account. Upon login, the user can select which role he/she plans to use;
  - email to Email;
- Save the configuration;
- Download the SAML metadata and send it to us;
4. We will get back to you with a confirmation message. Once configured, users can sign in with SSO.
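
Before sending the metadata, an IDP admin can check a decoded test assertion against the mapping in step 3 and the provisioning rules described at the top of this page. The script below is an added example, not KUDO's code. It assumes the field names first_name, last_name, role and email are used as the SAML Attribute Name values, that the Audience is the EntityID from step 2 (kudo-sso is the page's example value), and that signature validation is handled separately by your SAML tooling.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLES = {"participant", "interpreter", "operator", "viewer"}  # roles listed in step 3
REQUIRED = ("first_name", "last_name", "email")  # assumed to be the Attribute Name values

# Constructed sample assertion (not captured from a real IDP); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>ana@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>kudo-sso</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_audience):
    """Return (profile, problems) for a decoded, already signature-checked assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    # The Audience must be the EntityID that was issued for this connector.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("audience %r not in %r" % (expected_audience, audiences))
    # The account is created from the name ID, so it must be present.
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        problems.append("missing NameID")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = value.strip()
    for field in REQUIRED:
        if not attrs.get(field):
            problems.append("missing attribute " + field)
    # Page: with no role parameter, the default role is participant.
    role = attrs.get("role") or "participant"
    if role not in ROLES:  # this checker's own rule: flag values outside the four roles
        problems.append("unknown role %r" % role)
    profile = {"name_id": name_id, "role": role}
    profile.update({f: attrs.get(f, "") for f in REQUIRED})
    return profile, problems
```

An empty problems list means the assertion carries everything the mapping in step 3 asks for; a role value outside the four listed roles is reported rather than silently accepted.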