Single Sign-On is only available in our Plus and Enterprise Network plans. Plus plan administrators cannot configure the Service Provider authentication flow without the assistance of a MURAL stakeholder. Enterprise Network plan administrators can configure this using the guide here.
MURAL offers the possibility of configuring an SSO Integration in Plus workspaces. Note that to configure an integration you need a private domain. Public email domains, such as Gmail or Outlook, can't be integrated through a custom SAML Integration.
To configure the Integration, you will need to go through the following steps:
- Configure the Identity Provider
- Send the metadata file, certificate and attribute names to firstname.lastname@example.org
- MURAL will configure the Service Provider
- Test the authentication flow together with the MURAL representative
- Go Live!
Configure the Identity Provider
MURAL can be integrated with any Identity Provider on the market. If you use ADFS, see the documentation here.
If your Identity Provider is not ADFS, you can still configure it by following this guide.
Configure the Service Provider
In the email, you should include the following information:
- IDP Metadata File
- SAML attribute names for Email, First name and Last name. You can also add Avatar and External ID
- Domains of your organization
With this information, the MURAL Representative will give you an estimated time to configure the Service Provider. Once it is configured, MURAL will provide you with a test link to verify the Integration before implementing it for your Plus workspace.
Testing the Authentication Flow
Once the MURAL Representative sends you the test link, you will have an hour to test the integration. If the link expires, you will need to request a new one.
The first step of the test flow is the IDP login, where you will need to authenticate with your IDP. If authentication succeeds, the next step will show a profile page with the mapped information. It’s important to check that the Email, First name and Last name fields are correctly mapped. If they are not, the configuration will need to be changed and re-tested.
If there is an authentication error in the testing flow, changes on the IDP or SP side might also be needed to fix it.
The last step of the configuration process is to apply the new SSO integration flow to your Plus workspace. After the integration is configured on both sides (IDP & SP) and tested successfully, you will need to coordinate a date with your MURAL Representative to go live.
Once the Integration goes live, you will be able to test it out directly at https://app.mural.co
End-User Experience After Applying the Configuration
Implementing the new SSO integration will not produce any major changes in the end-user experience.
Users who are currently logged in won't be signed out. The next time they sign in, they will be redirected to the SSO Integration instead of going through the previous email and password flow.
New users, on the other hand, will have their accounts auto-provisioned through the SSO process, from either SP-initiated or IDP-initiated flows.