When your technical team deploys CreativeX to hundreds of marketers globally, they often need a secure method to bypass manual password resets and individual account creation. Single Sign-On (SSO) resolves this issue! It allows users to authenticate securely with their current corporate credentials, such as Azure or Okta. Let’s review how your technical team can configure this integration.
Note: Only your organization’s technical teams can execute these steps. Individual users cannot configure single sign-on independently.
Step 1: Review the Protocol Requirements
First, verify your system capabilities. CreativeX exclusively supports the SAML protocol. If your company relies on a different protocol, the setup will require additional custom development.
Step 2: Exchange Configuration Data
To establish the connection, both parties must exchange specific endpoint data. Teams usually configure SSO in a stage environment first to test the connection before they push to production.
CreativeX provides these endpoints:
| Data Type | Stage Endpoint | Production Endpoint |
|---|---|---|
| Initial Access URL | Stage Login | Production Login |
| SAML Assertion Consumer (ACS) | Stage ACS | Production ACS |
| Relying Party Identifier | Stage Metadata | Production Metadata |
Your organization must provide these data points to CreativeX:
- Entity ID: A unique name for the Identity Provider (IdP) or Service Provider.
- Single Sign-On URL: The target endpoint where CreativeX sends the SAML authentication request.
- X.509 Certificate: The IdP certificate used for the SAML configuration.
Additionally, you must map specific user attributes to ensure proper account creation: Email, FirstName, and LastName.
Step 3: Define User Access Profiles
When you establish the SSO connection, you must select a default access profile for all new users. You can choose to assign them Limited, Connecting, Standard, or Admin permissions. To understand the exact capabilities of each tier, read our guide on the different user access and permission levels.
Our team can also customize user profile designations based on specific inputs. For example, you can configure the system to assign "Limited" access automatically to any email address that contains the word "Contractor".
Step 4: Launch and Authenticate
Once you provide the necessary information, our technical team requires 24 to 48 hours to finalize the configuration. Once complete, users can access the platform in two ways:
- Application Gallery: Users navigate to your company’s internal application gallery and click the CreativeX icon.
- Direct Link: Users navigate directly to the Custom Login URL and click "Login with SSO".
Do you have legacy users? Rest assured, users who previously created a standard account can still log in with their email and password if they prefer!
Troubleshooting
Did you encounter an issue with the setup process?
- Failed Logins: If a user fails to authenticate, double-check your attribute configuration. The system requires exact matches for Email, FirstName, and LastName to grant access.
- Non-SAML Protocols: If your organization operates on a protocol other than SAML, the standard integration will fail. Reach out to your Customer Success Manager to discuss custom solutions.
Please contact support@creativex.com if you have more questions.