
Use SSO to Manage Access to the LoudCrowd Brand App

In this article you will learn how to set up your SSO Identity Provider and manage your teams' access to the LoudCrowd Brand App.

Written by Ronny Freites
Updated over a week ago

Manage SSO Users

After SSO has been set up for your LoudCrowd Brand App, you can use the LoudCrowd Settings > Users page to add and remove user accounts.

Adding new users

Go to the LoudCrowd Settings > Users page and add new accounts by entering each user's email address. They will receive login instructions via email.

⭐️ Important: new users must exist in the organization’s Identity Provider (IdP) before being added in LoudCrowd to ensure SSO authentication.

What happens if we add users before enabling SSO?

Any users with accounts in the LoudCrowd Brand App before SSO was set up will now be routed through the SSO login flow rather than the LoudCrowd login flow. They will not lose access to the platform.

Removing users

For users who no longer need LoudCrowd access, you can use the Settings > Users page to remove them. If a user is departing your organization, your access management process will inherently remove their ability to log in to LoudCrowd because they will no longer be able to complete the SSO login flow. However, you may still see them listed as an active user on the LoudCrowd Brand App Users page.

Overview of SSO Setup Steps

LoudCrowd uses Auth0 as the SSO service provider. The following Identity Providers (IdPs) are supported:

The specific setup instructions vary depending on your chosen IdP, but setup is generally a three-step process:

  1. Determine your SSO Identity Provider (IdP)

  2. Generate credentials / certificate in your IdP

  3. Send required IdP information to LoudCrowd to connect your IdP to Auth0

Setup Guides per IdP

Below are the specific steps required for your chosen IdP.

PingFederate Server

Get the signing certificate

You will need to retrieve an X.509 signing certificate (in PEM or CER format) from PingFederate. The methods for retrieving this certificate vary, so please see the PingFederate documentation for instructions on managing your server's certificates.

Convert signing certificate to Base64

Before you upload the X.509 signing certificate to Auth0, you must convert the file to Base64. To do this, either use a simple online tool or run the following command in Bash: cat signing-cert.crt | base64.
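The conversion step above as a guarded shell function. This is an added example, not LoudCrowd, Auth0 or PingFederate code. It refuses a file that also carries a private key, requires exactly one certificate block, and emits the Base64 value on a single line. The function name, file names and sample contents are constructed for illustration.

```shell
# Added example: Base64-encode a PEM signing certificate, with safety checks.
# encode_signing_cert is a hypothetical helper name, not a vendor tool.
encode_signing_cert() {
  cert="$1"
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }

  # Some exports bundle the key with the certificate. Only the public
  # certificate is needed, so stop if any private key block is present.
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
    echo "refusing: $cert contains a private key" >&2
    return 3
  fi

  # Expect exactly one certificate block (not an empty file or a chain).
  count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" || true)
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one certificate, found $count" >&2
    return 4
  fi

  # GNU base64 wraps its output at 76 columns; strip the newlines so the
  # value survives copy and paste as one string.
  base64 < "$cert" | tr -d '\n'
}

# Constructed sample input: placeholder bodies, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' \
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=' \
  '-----END CERTIFICATE-----' > "$demo_dir/signing-cert.crt"
{ cat "$demo_dir/signing-cert.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----'; } > "$demo_dir/bundle.pem"

encode_signing_cert "$demo_dir/signing-cert.crt"; echo
encode_signing_cert "$demo_dir/bundle.pem" || echo "bundle rejected (exit $?)"
```

The checks look only at PEM markers, so a binary DER-encoded .cer file is rejected by the certificate-count check.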

Provide your IdP credentials to LoudCrowd

Email your Client Strategist the following information:

  • PingFederate Server URL - URL for your PingFederate Server

  • X.509 Signing Certificate - PingFederate Server public key (encoded in PEM or CER) that you retrieved in step 1.

  • Sign Request - When enabled, the SAML authentication request will be signed. Download and provide the PingFederate server with your tenant's certificate.

  • Sign Request Algorithm - Algorithm Auth0 will use to sign the SAML assertions. Auth0 and PingFederate Server configuration must match, e.g. RSA-SHA256.

  • Sign Request Digest Algorithm - Algorithm used for the sign request digest. Auth0 and PingFederate Server configuration must match, e.g. SHA256.

Google Workspace

Register Your Application in Google Developer Console

Follow Google's Setting up OAuth 2.0 documentation to register a new application.

  1. Go to the API Console.

  2. From the projects list, select a project or create a new one.

  3. If the APIs & services page isn't already open, open the console left side menu and select APIs & services.

  4. On the left, click Credentials.

  5. Click New Credentials, then select OAuth client ID.

Configure OAuth Settings

While setting up your application, ensure the following configurations:

Application Type

  • Select Web Application

  • Set the following parameters:

    • Authorized JavaScript origins: https://app.loudcrowd.com

    • Authorized redirect URIs: https://app.loudcrowd.com/login/callback

If this is your first time creating a client ID, you can also configure your consent screen by clicking Consent Screen. (The following procedure explains how to set up the Consent screen.) You won't be prompted to configure the consent screen after you do it the first time.

  • OAuth Consent Screen

    • Under Authorized domains, add loudcrowd.com and auth0.com

Retrieve Client Credentials

Upon completing the setup, Google will generate a Client ID and Client Secret for your application.

Provide your IdP credentials to LoudCrowd

Email your Client Strategist the following information:

  • Client ID - Unique identifier for your registered Google application. This value comes from the app you registered in the Google console in the previous step.

  • Client Secret - String used to gain access to your registered Google application. This value comes from the app you registered in the Google console in the previous step.
