SSO Connections (for an account)

A System Master (a Certain team member) can set up “Single Sign-On” (SSO) connections for an account.

An Administrator user enables these SSO connections here.

An Administrator user can edit field mappings and button fields.

Types of SSO in Certain

Certain supports three types of SSO.

• ADMIN is for people signing in to the Certain app itself. Event Builders can use this entry point. Details are below in ADMIN.
• ATTENDEE is for attendees using registration forms or the Mobile web app. Speakers can use a Speaker Portal. Reviewers can use a Reviewer Portal. Details are below in ATTENDEE.
• CHECK-IN APP is for people using the Certain Check-In app to check attendees in an event. Details are below in CHECK-IN APP.

SSO Configuration and Use (overview)

See SSO Configuration and Use for an overview of SSOs in Certain.

Available SSO Connections (List)

All existing SSOs for the current account and its parent account are listed.

An Administrator user edits an SSO from the list. To edit an SSO, click the in the Actions column. The edit action opens the Edit SSO Config pane described below.

For each SSO listed, Certain shows the following information.

• Enabled indicates whether the SSO is available for use.
• If the Enabled check box is selected, the SSO is available.
• An Administrator user can select or clear the check box in the list.
• An Administrator user can change the Enabled state without editing the record.
• Note: map fields before enabling
• An Administrator user must map fields for the SSO before enabling it.
• At least First Name and Last Name mapping is required.
• Only one ADMIN SSO can be active in a system at any one time.
• Only one CHECK-IN APP SSO can be active in a system at any one time.
• Config Name is the name of the SSO as set by Certain for the system.
• Config Type is the technical type of SSO.
• Examples include “OAuth2” or “SAML2”.
• IDP Name is the Identity Provider (“IDP”) used for authentication.
• Examples include “LinkedIn” or “Facebook”.
• Entry Points lists “ADMIN”, “ATTENDEE”, or “CHECK-IN APP”.
• Details are below in Entry Points.
• Activity is the most recent activity.
• Activity includes type (for example “Updated”), date, and user name.
• Actions includes an edit action.
• The edit action opens the Edit SSO Config pane.

Edit SSO Config

This section displays when an Administrator user clicks in the list to edit an SSO.

This section also displays when a Certain System Master clicks Add an SSO Config.

> Note: Once an SSO has been set up, it is rare for it to be edited.

Information Fields

Certain shows the following Information Fields.

• Entry Points
• At least one option exists among “ADMIN”, “ATTENDEE”, or “CHECK-IN APP”.
• Entry Points is read-only information.
• Entry Points is except for a System Master user.
• ADMIN applies to Certain users logging in to the Certain app.
• After Certain users sign in to their corporate system, they do not need another user name and password.
• Certain users must still be set up as Certain users in Account Settings > Administration > Users.
• Only one “ADMIN” SSO can be active in a system at any one time.
• Best Practice: If an account has an ADMIN SSO, then ADMIN normally is that SSO’s only Entry Point.
• An example exception is when an account uses forms for staff to register for events via their intranet.
• ATTENDEE
• Attendees using registration forms to register.
• Registration form entry pages can include buttons for automatically pre-filling information from LinkedIn, Facebook, Microsoft, or Google+.
• Additional fields are below in Button.
• Attendees logging in to a Certain Mobile web app.
• The Login page in the app can include an option to log in via SSO instead of username and password.
• Speakers logging in to a Speaker Portal.
• The Login page in the speaker portal can include an option to log in via SSO instead of username and password.
• Reviewers logging in to a Reviewer Portal.
• The Login page in the reviewer portal can include an option to log in via SSO instead of username and password.
• CHECK-IN APP applies to Certain users who will be using the Certain Check-In app.
• Check-In users log into the Check-In app by clicking the gear icon on the login page.
• Check-In users select the SSO option.
• Check-In users log in using the selected SSO credentials.
• Only one “CHECK-IN APP” SSO can be active in a system at any one time.
• Config Name is required.
• The Config Name is the name of the SSO.
• Best practice is to make the Config Name unique in the account to ease identification.
• App ID is required.
• App ID is the unique technical ID for the SSO connection app created by Certain for this SSO.
• The connection app is created in the separate SSOManager app.
• Config Type is required.
• Config Type is the technical type of SSO.
• Examples include O Auth2 and SAML2.
• IDP Name is required.
• IDP Name is the Identity Provider (IDP) used for authentication by this SSO.
• Examples include LinkedIn and Facebook.

Button

These five “Button …” fields are available when Entry Point does not include “ADMIN” or “CHECK-IN APP”.

These Button fields are used only for Attendee Login.

Button configuration applies to each account and sub-account. Button fields determine the appearance of the button for the registrant on the form. Button fields also determine the appearance of the button for the speaker on the speaker portal.

Certain shows the following Button fields.

• Button Label is required.
• Button Label is the text on the form button.
• Example: “Log in with LinkedIn”.
• Button Color is required.
• Button Color is the background color of the form button.
• An Administrator user selects a color using the color picker icon.
• An Administrator user then clicks Set Color.
• An Administrator user can also enter the hex value.
• Example: “#dddddd for gray”.
• Button Text Color is required.
• Button Text Color is the color of the text of the Button Label.
• An Administrator user selects the text color using the color picker icon.
• An Administrator user clicks Set Color.
• An Administrator user can also enter the hex value.
• Example: “#000000 for black”.
• Button Icon is optional.
• An Administrator user clicks Browse to upload an icon.
• The icon is used on the button in addition to the text of the Button Label.
• Button Class is optional.
• Advanced users can enter a class name.
• The class name can be used in CSS and JavaScript.
• The class name further customizes the button’s appearance.
• The class name can localize the text.

Lookup

Certain shows the following Lookup fields.

• IDP Fields
• An Administrator user selects Identity Provider fields that Certain matches to Certain Profile fields.
• The field mapping step is described in Field Mapping.
• Only text fields are available for mapping.
• The available fields vary from one Identity Provider to the next.
• Example Identity Provider fields include:
• First Name (or Given Name)
• Last Name (or Surname or Family Name)
• Email Address
• Profile Lookup
• An Administrator user selects the Certain profile field to match against the IDP field that identifies the person.
• Examples include:
• Email
• Nameid
• If the selected field uniquely identifies a profile, the lookup can succeed with a unique match.
• Caution: If the selected field is the email address and the Certain account includes more than one profile with the same email, the lookup matches the most recently updated record.
• The registration forms Registrant Details section can enforce unique email addresses.
• Recommended: An Administrator user maps the selected field to a Certain field under Edit SSO Config below.
• Look Up Profile on form re-entry also
• Caution: This setting applies to every login using this SSO connection across all events in this account.
• If Look Up Profile on form re-entry also is not selected:
• Certain uses the value of the Profile Lookup field to find a matching profile record the first time someone logs in using SSO.
• If Certain finds a match, Certain “remembers” the match.
• If a person logged in via SSO later changes the value of that profile field on the Certain side, the person’s next login still succeeds.
• If Look Up Profile on form re-entry also is selected:
• Certain looks up the profile on every SSO login.
• Certain uses the value from a successful initial lookup.

Edit SSO Config (Field Mapping)

This section displays when an Administrator user clicks in the list to edit an SSO for an account.

Field Mapping maps fields from the Identity Provider (IDP) to matching Profile fields in Certain.

Field Mapping is required before enabling an SSO connection.

> Note: In a sub-account, an Administrator user needs to map these fields independently of the parent account. The mappings are not “inherited”.

Certain requires mapping for at least Profile First Name and Profile Last Name to the equivalent IDP fields.

> Important: An Administrator user must not map Profile First Name and Profile Last Name both to the same IDP field. > > See the note below for the name-mapping guidance.

Field Mapping fields

Certain shows the following field mapping controls.

• IDP Fields
• An Administrator user selects an IDP field to map to a Certain field.
• The listed IDP fields come from the IDP Fields drop-down list above.
• Example IDP fields include:
• First Name (or Given Name)
• Last Name (or Surname or Family Name)
• Email Address
• Certain Fields
• An Administrator user selects the Profile Standard Field or Profile Question to be mapped to the selected IDP Field.
• Example Certain fields include:
• Profile First Name
• Profile Last Name

> IMPORTANT: An Administrator user must always map different, separate fields to the Profile First Name and Profile Last Name fields in Certain.

Example: IDP fields include Given Name, Family Name, and Name

If the IDP fields include Given Name, Family Name, and Name, then Name probably concatenates the other two.

If Given Name = “Jane” and Family Name = “Citizen”, then Name is automatically “Jane Citizen”.

Correct procedure in this example:

• Map Given Name in IDP to Profile First Name in Certain.
• Map Family Name to Profile Last Name in Certain.

Both fields are used in Certain.

Her name appears as “Jane Citizen”.

Wrong procedure in this example:

• Map Name to both Profile First Name and Profile Last Name in Certain.
• Both fields for that attendee become “Jane Citizen”.
• Her name appears as “Jane Citizen Jane Citizen” wherever her name appears in Certain.

Updatable

• Updatable
• If Updatable is selected, Certain updates the Certain field.
• Certain updates occur when a registrant logs back in after the value of the IDP field has changed.
• This applies to LinkedIn or Facebook, for example.
• Caution: As best practice, many custom customers do not select this for Standard Profile Fields.
• This configuration avoids potential problems.
• Potential problems include inadvertently changing an email address.