Better SSO

Question

Curious if anyone’s had good luck with a better SSO implementation & intercom?

Racheal · Accepted Answer

Hey @Emil AYou can definitely integrate with an identity provider and log in with SAML SSO!To enable SAML SSO:1. Go toSettings > Securityand select "Require SAML SSO" as the authentication method.The SAML name for your workspace is located in a grayed out box, like you see below 👇2. Include the SAML name listed in the grayed out box for your workspace to configure SAML SSO with your identity provider in the following places:Single Sign-On URLhttps://app.intercom.com/saml//consumeRecipient URLhttps://app.intercom.com/saml//consumeAudience restriction/Entity IDhttps://app.intercom.com/saml/NameIDEmail addressSigned AssertionsYesMapped AttributesfirstName (User's first name)lastName (User's last name)EncryptionAES256_CBC with this certificate:-----BEGIN CERTIFICATE-----MIIDKTCCAhGgAwIBAgIESfKRDDANBgkqhkiG9w0BAQsFADBFMREwDwYDVQQKEwhJbnRlcmNvbTEVMBMGA1UECxMMRGV2IFBsYXRmb3JtMRkwFwYDVQQDExBTQU1MIENlcnRpZmljYXRlMB4XDTE2MTIxNDE2MjYyN1oXDTI2MTIxMjE2MjYyN1owRTERMA8GA1UEChMISW50ZXJjb20xFTATBgNVBAsTDERldiBQbGF0Zm9ybTEZMBcGA1UEAxMQU0FNTCBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYDcgFR7BMrGPMNTVERsAXOZoaz+ObJaKAtSWbq6J7upmEvr7wm7KmIOGiTdqsA5vhJUBRC4pPxTpB6l34LYQ2CcfGYP0TQtrpBuHtkSVPe5Tu1q4ri4YpiWLzkO6TdFDvIKiD141gYjPkypTYGHQ0YRoHJVLibk55nJcjX1GjwXpDLYOa9r4LrGzOHV1o7p/C1GoPu8/5GzgtP0faO4iDgcz0681WQvN4sg4kL24geouBrIfl5Xa0WmFAmQDtaYZ22V2hPgmivcw4l0mnHuHRKiYdKuIBrkj9miEL1YMexMgUoAm7TbMIqPu1s3k9HcJ75Ksk1LUnxKRYdTlZRPd0CAwEAAaMhMB8wHQYDVR0OBBYEFNX3lHt+SDJSghNBEmdyvxwZ9A8JMA0GCSqGSIb3DQEBCwUAA4IBAQBE8HPVU1fM2KJ4+WSLTz1AO3R/HMfI9Vjf8g5TvRWixhRwFG6hWxnMfqn6+/O3KZTyOszhcMn1i+yIk6kfG//C8jVN0BdRf45VY0zFYn6veUe5l0Mwrc98SVTS2bIYNjkC1uPfRURNY+TlLqfzAcJYKIPlrpV8sDWGk22ouQeSpBDiC4bFt5rpxbDOHZ8yiEWFWXSplA/7lAK6WfGll9JYZIXIUG9IkrqqAU8Rdl4ap7R+5hnpHm7hXxGKbY9QL+sr4SbGOUVBuO9ilLNis1mRAfJ8YEu8Aw4rRMBMTTVzdkBk0keMMJNdjvWDNmwOwECFqpawtT0JQBFUdm+03Ow+-----END CERTIFICATE-----Additionally you will need to add the following information in Intercom from your identity provider:Identity provider Single Sign-On URL —This is the URL used to start the login process.Public certificate —This allows Intercom to validate SAML requests from your identity provider. It must be an X.509 certificate.3. Specify the domains which are allowed to authenticate with SAML SSO. Enter a domain under "AllowedDomains", then click the "Adddomain" button to submit.4. Verify that you own the domain by adding aTXT recordin your DNS settings with the values shown below. After adding the TXT record in your DNS settings, click "VerifyDNSrecord".Note: If you do not have access to your DNS provider, you may need help from someone on your team.Tip:If you have just created the DNS record it may still be propagating, in this case you’ll see the following warning message: “Unable to verify DNS record. Please try again later.”5. Once the DNS record is verified you'll receive a success message and the domain will appear like you see below 👇For a more detailed set of instructions take a look at the Article I've attached here!

Join the Intercom Community 🎉

Intercom Customers and Employees

Login to the community

Intercom Customers and Employees

Scanning file for viruses.

This file cannot be downloaded