TelemetryTV allows you to use SAML (Security Assertion Markup Language) for authenticating a user's identity through an external iDP (Identity Provider).
SAML, which is an XML based communication tool for sharing and authenticating user identity between organizations, allows users to login using third party application credentials. For example, using your Outlook Email to login to TelemetryTV. This allows an Identity Provider (iDP) to allow and authenticate user access to a Service Provider. In this article, I have outlined how you can configure Azure AD as an Identity Provider to login to the TelemetryTV application, which is the Service Provider.
By configuring your SAML Identity Provider with TelemetryTV, you can login directly to your account using only your Team name and a third party identity authentication such as an email login. Instead of having to create a name and password for your Telemetry account, you simply enter your Team's name and then login using a third party email which authenticates the users identity to the app. This means that you can efficiently login into many applications with the same account login credentials.
A SAML login system is particularly useful for organizations with a large amount of staff who need to log into many different applications. Using SAML authentication is more efficient for both the account admin and the end user. The end user can log into many different applications on a day to day basis without worrying about having to manage many different passwords. As SAML can be mapped from a single central account to many different applications, the admin can create or revoke users' authentication for multiple account logins with a single setting.
Below is an example of how SAML can be configured through Azure Active Directory to allow you to login to TelemetryTV by using only Outlook 365 email credentials.
The Identity Provider and Service Provider need to first be configured with each other's details such as HTTPS login URLs, iDP authentication certificate, Application ID and Team account ID. These steps are outlined in the guide below.
Note: You will need to have setup an Azure AD account in order to follow the steps below.
Setting Up SAML through Azure AD
Go to Azure Active Directory
Enterprise Applications -> All Applications -> New Application
Non-Gallery Application -> Enter Application Name “TelemetryTV” -> Add
Go back to Enterprise Applications and then select TelemetryTV
Select "Setup single sign on"
SAML Identity Provider Configuration
In the Basic SAML Configuration insert the following:
Identifier (Entity ID) : This will be https://user-api.telemetrytv.com/sp as indicated in the screenshot below:
Reply URL (Assertion Consumer Service URL) : https://user-api.telemetrytv.com/accounts/saml/response
Sign on URL: https://app.telemetrytv.com/start/enterprise
Set Unique User Identifier under User Attributes & Claims to 'user.mail'
Then Download Certificate (Base64) under SAML Signing Certificate
Note: Copy the Login URL a the bottom as your will need this for the next step in SAML Service Provider Configuration
Finally, click on the pencil icon beside SAML Signing Certificate and ensure that Signing Option is assigned as 'Sign SAML Response'
SAML Service Provider Configuration
Open up https://app.telemetrytv.com/
Then go to Settings -> Single Sign On
Team Name - Insert any unique name you would like to use to login to TelemetryTV via SAML.
Entity ID (URN) - Insert ApplicationID from Azure TelemetryTV Application object
Sign In URL - Insert Login URL copied from Azure SAML Configuration
Certificate - Insert the content of your Base64 Certificate
Adding your User
Don't forget to add the the user in Telemetry and ensure that the email matches the user email in your Azure AD user groups (must be lowercase letters).
Go to app.telemetrytv.com/start/enterprise, enter the Team Name that you assigned as your 'Identifier (Entity ID)' in your Azure SAML configuration and click 'login'. You can also add your team name at the end of the URL to go directly there, ex: app.telemetrytv.com/start/enterprise/teamname.