Articles in this section

How does my organization set up Single Sign-On with CreativeX?

Please note the instructions below are for your organization’s technical teams. Individual users cannot set up single-sign on individually. 

 

What is Single Sign-On (SSO)? 

Single Sign-On (SSO) is a method of authentication that enables users to securely authenticate into multiple applications using universal credentials provided by an access management system.

 

Why should my organization consider setting up SSO?

SSO makes it easier for users to access their accounts and applications. Setting up SSO ensures your users can access your creative analytics and integrate CreativeX as part of their workflows.

 

What are the key features of SSO?

  • Enables users to authenticate CreativeX using their universal credentials provided by their company’s access management system (ex: Azure, Okta, etc.)
  • Makes it simple to add and remove user access to CreativeX directly from your access management system.
  • User permissions for new users can be configured to be automatically categorized based on certain pre-defined factors. For example, if an email address includes the term “contractor” the user can be given “Limited” access instead of the default “Standard” access given to all other new users.

What is the user experience for SSO?
The user can authenticate into the CreativeX platform in one of two ways:

Application Gallery

  1. User navigates to application gallery in their company’s access management system. 
  2. User clicks on “CreativeX” and is automatically authenticated into the platform.

Direct Link

  1. User navigates to app.creativex.com/login?login_org=[CLIENT]
  2. User clicks on “Login with SSO” and is redirected to their company’s access management system login screen.
  3. User enters universal credentials and is then redirected back to the CreativeX platform.

What is the technical set-up for SSO between my organization and CreativeX?

Requirements

CreativeX currently only supports SAML protocol. If another protocol is in use, additional work may be required.

 

CreativeX to Provide

In order to configure SSO, CreativeX will provide the following data. Clients typically configure SSO in staging in order to test before moving to production.

Staging

Data

Endpoint

Initial Access to User URL

staging-app.creativex.com/login?login_org=[CLIENT]

SAML Assertion Consumer Endpoints (ACS)

staging-app.creativex.com/users/saml/auth

Relying Party Identifier

staging-app.creativex.com/users/saml/metadata

 

Production

Data

Endpoint

Initial Access to User URL

app.creativex.com/login?login_org=[CLIENT]

SAML Assertion Consumer Endpoints (ACS)

app.creativex.com/users/saml/auth

Relying Party Identifier

app.creativex.com/users/saml/metadata

 

CreativeX to Receive

For each configuration (staging and production), CreativeX will receive the following data in order to complete configuration:

 

Data

Description

Entity ID

A unique name for Identity Provider or Service Provider

Single Sign On URL 

(Target URL)

Endpoint where service provider sends SAML authentication request and user is authenticated

X.509 Certificate

IdP (Identity Provider) certificate that a SAML configuration uses


For each user, the following attributes must also be set up to be sent to CreativeX as part of the configuration:

Required Attribute

Description

Email

Email address of the user

FirstName

First name of the user

LastName

Last name of the user

 

Additional Considerations

When setting up SSO, a default Profile (access level) will need to be selected for new CreativeX users. CreativeX currently has the following profiles:

Profile

Access Level

Limited

Test creatives before they go live and invite other users with limited access

Connecting

Manage account connections and invite other users with connector permissions

Standard

Access both in-flight and pre-flight data and analytics, manage account connections, and invite other standard users

Admin

Full access to in-flight and preflight data and analytics, plus rights over account connections, invitations, permission settings, rule weights, and more


CreativeX also has the ability to customize user profile designations based on desired inputs. For example, contractors with email addresses that contain the term “Contractor” can be configured to be automatically set to Limited. Note however that automating this isn’t always necessary since user Profiles can be changed at any time by an Admin.

What is the Timeline for Setting Up SSO?

Once CreativeX is provided with the necessary information for finalizing configuration, setup will take 24-48 hours.

If SSO is enabled and a user who previously had a username/password account in CreativeX navigates to the Direct Link to log into the CreativeX platform, can they still log in with username/password?

Yes, we currently don’t require users to log in only via SSO.

 

How do I get SSO set up for my organization and CreativeX? Please get in touch with your customer success team to begin this process.

Need help?
Connect with us.

Was this article helpful?
0 out of 0 found this helpful