Articles in this section

How do I enable Single Sign On for Rise Vision?

Avatar
Patrick Arsenault
  • Updated
Follow

Using Security Assertion Markup Language (SAML), your users can sign in to Rise Vision using SSO with a supported identity provider.  Any SAML identity provider should work.  We've currently validated with Microsoft Entra (formerly Azure), Google Workspace, and Classlink.

 

Enable and set up SSO

You can access your SSO settings in your account’s Company Settings. You must be an administrator to view and edit SSO settings.

  1. Log in to your account at risevision.com
  2. Click on your username on the top-right hand corner of the screen
  3. Choose “Company Settings”
  4. The SSO options will appear on the right-hand side of the settings page

Before enabling SSO, make sure to set up Rise Vision as a custom SAML app in your identity provider.

The details you need are here:

Assertion Consumer Service URL:

https://rvaserver2.appspot.com/sso/acs

Service Provider Entity ID:

https://rvaserver2.appspot.com/sso/sp

Once you’ve set this up, you can click on the toggle to enable SSO and fill in the details from your identity provider.

2023-04-05_18-19-12.png

The X.509 Certificate is not a file that needs to be uploaded, but instead a long series of text that begins with BEGIN CERTIFICATE... and ends with -----END CERTIFICATE-----.

By default, using SSO is optional for your users. Enable the “Force SSO Sign-on” to force all non-admin users to sign-in using SSO.

To avoid a lockout situation, users with the “System Administrator” permission can always sign-in using their secure Rise Vision password as opposed to using SSO.

 

Enabling SSO for Sub-Companies

SSO users work just like password-authenticated users in that they retain their permissions in all sub-companies nested below their company. You can find out more about sub-companies and how they work in this article.

SSO settings do not cascade down to sub-companies automatically. To use SSO with sub-company users, each sub-company should have SSO enabled and configured.

 

User provisioning Through Your Identity Provider

When using Single Sign-On (SSO) with Rise Vision, you can manage user provisioning directly through your Identity Provider (IdP). Any changes made in your Identity Provider (IdP) will be reflected in Rise Vision when the user logs in. 

You can perform the following actions within your Identity Provider (IdP):

Adding User Profiles

  • First Name 
  • Last Name
  • Email (Username, Work Email)
  • User Roles (Teacher, Screen Share Moderator, Content Editor, Content Publisher, Display Administrator, System Administrator)

Editing Existing User Profiles

  • First Name
  • Last Name
  • User Roles (Teacher, Screen Share Moderator, Content Editor, Content Publisher, Display Administrator, System Administrator)

Rise Vision does not collect Company Role, Phone Number, or Status from the Identity Provider (IdP).

Deleting an Existing User Profiles

If you need to remove a user, be sure to delete them from your Identity Provider (IdP). If you only remove them from Rise Vision, they will be automatically re-added the next time they sign in through SSO.

 

Supported Identity Providers

The respective help center articles for our supported identity providers are linked below:

 

Common Questions

Can you provide us with some meta data?

Using this SAML Developer Tool, we have the following meta data for you:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     validUntil="2024-02-10T15:36:43Z"
                     cacheDuration="PT604800S"
                     entityID="https://rvaserver2.appspot.com/sso/sp">
    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                     Location="https://rvaserver2.appspot.com/sso/acs"
                                     index="1" />
        
    </md:SPSSODescriptor>
    <md:Organization>
       <md:OrganizationName xml:lang="en-US">Rise Vision Inc.</md:OrganizationName>
       <md:OrganizationDisplayName xml:lang="en-US">Rise Vision</md:OrganizationDisplayName>
       <md:OrganizationURL xml:lang="en-US">https://www.risevision.com</md:OrganizationURL>
    </md:Organization>
</md:EntityDescriptor>

Related articles