Curious if anyone’s had good luck with a better SSO implementation & intercom?
Better SSO
Best answer by Racheal
Hey
You can definitely integrate with an identity provider and log in with SAML SSO!
To enable SAML SSO:
1. Go to Settings > Security and select "Require SAML SSO" as the authentication method.
The SAML name for your workspace is located in a grayed-out box, like you see below 👇
2. Include the SAML name listed in the grayed-out box for your workspace to configure SAML SSO with your identity provider in the following places:
Single Sign-On URL
- https://app.intercom.com/saml/<SAML Name>/consume
Recipient URL
- https://app.intercom.com/saml/<SAML Name>/consume
Audience restriction/Entity ID
NameID
- Email address
Signed Assertions
- Yes
Mapped Attributes
- firstName (User's first name)
- lastName (User's last name)
Encryption
- AES256_CBC with this certificate:
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Additionally you will need to add the following information in Intercom from your identity provider:
- Identity provider Single Sign-On URL — This is the URL used to start the login process.
- Public certificate — This allows Intercom to validate SAML requests from your identity provider. It must be an X.509 certificate.
3. Specify the domains which are allowed to authenticate with SAML SSO. Enter a domain under "Allowed Domains", then click the "Add domain" button to submit.
4. Verify that you own the domain by adding a TXT record in your DNS settings with the values shown below. After adding the TXT record in your DNS settings, click "Verify DNS record".
Note: If you do not have access to your DNS provider, you may need help from someone on your team.
Tip: If you have just created the DNS record it may still be propagating, in this case you’ll see the following warning message: “Unable to verify DNS record. Please try again later.”
5. Once the DNS record is verified you'll receive a success message and the domain will appear like you see below 👇
For a more detailed set of instructions, take a look at the article I've attached here!
Reply
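Before switching a workspace to "Require SAML SSO", it is worth checking that what the identity provider actually emits matches the settings listed in the answer above, because a mismatch locks every admin out until someone fixes the IdP. The script below is an added example, not Intercom's code or anything from the thread: it parses a SAML Response and checks the Destination, Recipient and Audience against `https://app.intercom.com/saml/<SAML Name>/consume`, that the assertion carries a signature element, that the NameID is an email address in one of the Allowed Domains, that `firstName`/`lastName` are present, and that the validity window covers the current time. The workspace SAML name `acme-corp`, the domain `acme.example` and the sample response are constructed. Because the answer leaves the Entity ID value blank, the checker assumes the Audience equals the ACS URL unless you pass `expected_audience`; signature checking here is presence only, since real XML-DSIG verification against the IdP's X.509 certificate needs an xmlsec-backed library such as python3-saml.

```python
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"firstName", "lastName"}  # Mapped Attributes from the answer


def intercom_acs_url(saml_name):
    """Single Sign-On URL and Recipient URL are the same consume endpoint."""
    return f"https://app.intercom.com/saml/{saml_name}/consume"


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:05:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_response(xml_text, saml_name, allowed_domains, now, expected_audience=None):
    """Return a list of mismatches against the Intercom settings; [] means the response fits."""
    acs = intercom_acs_url(saml_name)
    audience_expected = expected_audience or acs  # assumption: the answer leaves the Entity ID blank
    problems = []
    root = ET.fromstring(xml_text)

    if root.get("Destination") != acs:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {acs!r}")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext <saml:Assertion>; an EncryptedAssertion must be decrypted first")
        return problems

    # Presence only: cryptographic XML-DSIG verification needs xmlsec (e.g. python3-saml).
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion carries no ds:Signature (Signed Assertions must be Yes)")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        problems.append("NameID is missing or not in emailAddress format")
    else:
        domain = (name_id.text or "").strip().rpartition("@")[2].lower()
        if domain not in {d.lower() for d in allowed_domains}:
            problems.append(f"NameID domain {domain!r} is not in Allowed Domains")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append(f"SubjectConfirmationData Recipient != {acs!r}")

    audiences = [a.text for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience_expected not in audiences:
        problems.append(f"Audience {audiences!r} does not contain {audience_expected!r}")
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
            problems.append("assertion not yet valid (NotBefore)")
        if cond.get("NotOnOrAfter") and now >= _ts(cond.get("NotOnOrAfter")):
            problems.append("assertion expired (NotOnOrAfter)")

    attrs = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    if REQUIRED_ATTRS - attrs:
        problems.append(f"missing mapped attributes: {sorted(REQUIRED_ATTRS - attrs)}")
    return problems


# Constructed sample: what a correctly configured IdP would post to the acme-corp workspace.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
  Destination="https://app.intercom.com/saml/acme-corp/consume">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <ds:Signature><ds:SignedInfo/></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@acme.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://app.intercom.com/saml/acme-corp/consume"
          NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://app.intercom.com/saml/acme-corp/consume</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)  # fixed clock for the constructed sample

if __name__ == "__main__":
    for name in ("acme-corp", "other-workspace"):
        print(name, check_response(SAMPLE_RESPONSE, name, ["acme.example"], NOW) or "OK")
```

Run it against a real response captured from the IdP's test login (SAML-tracer or the browser's network tab gives you the base64 `SAMLResponse` form field to decode) with the SAML name from the grayed-out box; an empty list from `check_response` means the URLs, NameID, attributes and validity window line up with the settings in the answer, and the only remaining step is the signature check that Intercom itself performs with the uploaded X.509 certificate.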