Is it possible to set up SAML 2.0 SSO with IC?

[expeditedshipper]

I saw some support documentation here: 

 

Is there a way to set this up without development? Seems a bit complicated...

[Stuart Silvester]

SAML is a bit more complex than things like OAuth, it is not something that is natively supported at this time.

Based on experience, most authentication providers that support SAML also have OAuth 2 support which is natively supported in Invision Community (It's also much easier to set up). We can provide a bespoke SAML-based  solution if required, please see here for more information: https://invisioncommunity.com/services/sso/

Personally, I would look at using OAuth if it's a solution that's available to you.

[expeditedshipper]

Does it support OpenID Connect?

 

What does the bespoke SAML-based solution cost?

[Stuart Silvester]

2 hours ago, expeditedshipper said:

Does it support OpenID Connect?

 

What does the bespoke SAML-based solution cost?

We don't have native support for this time, but that's also something we could implement easy enough (since OpenID Connect uses OAuth).

There is some basic pricing information on here: https://invisioncommunity.com/services/sso/ but I would recommend emailing our sales team for a quote (click the contact us button on the right)

[bfarber]

I'll just note, we do also have an OpenID Connect solution, in addition to SAML, so if that is a preference you can also inquire with our sales department about OpenID Connect instead.

[expeditedshipper]

If we were to do the SAML solution...is it a pain to set up or is there a good guide for it?

 

$850 is a bit pricey for this.

Edited July 26, 2019 by expeditedshipper

[bfarber]

There is no off-the-shelf solution for SAML. In terms of setting it up, I assume you mean the integration on the community side and not the front end SAML instance itself. If that assumption is correct, without using a ready-made solution yes, it is quite a "pain" to add integration for SAML into the software unless you're very familiar with how SAML works and/or enjoy reading about the nitty gritty details of protocols.

There is no guide for setting up SAML; it's not something you are able to do without custom code.

[Ryan M]

On 7/25/2019 at 4:15 PM, Stuart Silvester said:

We don't have native support for this time, but that's also something we could implement easy enough (since OpenID Connect uses OAuth).

There is some basic pricing information on here: https://invisioncommunity.com/services/sso/ but I would recommend emailing our sales team for a quote (click the contact us button on the right)

While I applaud you for offering this add-on service for a fee ($850), I would like to see this as a regular integration feature for Oauth and SAML. At the moment we can integrate with Google and Microsoft but it is Microsoft personal accouns, not Microsoft 365. 

Simple SAML can work with Azure AD, Okta, Auth0, JumpCloud, and many many others.

Thank you for your time.

On 7/26/2019 at 8:33 AM, expeditedshipper said:

$850 is a bit pricey for this.

Yes I absolutely agree. And with paying a fairly high rate to renew support/maintenance of my licenses I believe this should be an included feature.

[Marc Stridgen]

If you wish to see additions to the platform, you would really need to post within our suggestions area. From a support standpoint we can only offer what is available at the present time.