Carousel Cloud has the ability to integrate with SSO providers to make logging in just that much easier. Though we strive to offer articles to help configure Carousel with specific providers, there are a TON of them out there! This article will go over the generic concepts of SSO and Carousel configuration.
Before we get to that, here are the providers we do have documented, just in case you use one of them:
Auth0 - https://support.carouselsignage.com/hc/en-us/articles/360060796632-Setting-Up-Single-Sign-On-with-Auth0-and-Carousel
Okta - https://support.carouselsignage.com/hc/en-us/articles/360032346691-Setting-Up-Single-Sign-On-with-Okta-and-Carousel
One Login - https://support.carouselsignage.com/hc/en-us/articles/360032346651-Setting-Up-Single-Sign-On-with-OneLogin-and-Carousel
G-Suite - https://support.carouselsignage.com/hc/en-us/articles/360032003912-Setting-Up-Single-Sign-On-with-G-Suite-in-Carousel-Cloud
Azure AD - https://support.carouselsignage.com/hc/en-us/articles/360033875231-Setting-Up-Single-Sign-On-with-Azure-AD-and-Carousel
Shibboleth - https://support.carouselsignage.com/hc/en-us/articles/4403612844180-Carousel-Cloud-and-Shibboleth
Also, if you are in need of an SSO Metadata file, add
/CarouselAPI/v1/Saml2 to your Carousel Cloud URL (example: https://support.demo.carouselsignage.net/CarouselAPI/v1/Saml2) to view the latest version for your account.
Now let’s go through the basic steps required for the configuration. This process will vary slightly between service providers, but the basic concepts should be the same. There is usually tons of documentation available online for each provider so remember, Google is your friend*!!
*And, of course, AltaVista, Ask Jeeves, Bing, Netscape, AOL, MSN, Yahoo, etc. We don’t discriminate!
1. Create a new SAML 2.0 Application for Carousel
Log into both Carousel Cloud and your SSO provider as an admin in separate browser windows.
In your SSO Provider, navigate to where Applications are managed. This is typically accessed from a main admin dashboard.
Create a new SAML2.0 Application. If your SSO provider has different categories of applications to choose from, you will likely want to choose “new custom”, “create new”, or maybe a “non-gallery” application. If you have the option to select Single Sign On or SAML 2.0 at this point, choose it and continue on to configure the app for Carousel.
Now, looking at the Carousel Cloud UI, navigate to Configure > Users > SSO Identity Providers. Use the information provided there to populate the correlating fields in the App settings in your SSO provider. Again, the wording could be slightly different between providers but the fields should be there. The Supported Claims specifications may be set in an advanced settings menu of the app.
2. Create a new SSO Identity Provider in Carousel
Once you have finished setting up the app in your SSO Provider, you should be able to access the Sign On URL, Identity Issuer ID, and the x509 certificate and add it to Carousel.
Simply fill in all the fields using the information from your SSO provider. Selecting the SSO ONLY toggle will configure the system so that only site admins will be able to log in using an email/password. and upload your desired login logo and press save.
3. Add your Users
The last step is to add users to your app in your SSO Identity Provider, then create corresponding users in Carousel using the same email address and assign the proper access rights.
Now, you should be able to login to Carousel using your favorite SSO provider!