SSO technical set up instructions

Instructions for IT Managers to enable your Circa Workspace with SSO

Technical Set up Instructions

In the SSO setup detailed below, your company is the Identity Provider and Circa is the Service Provider.

The necessary database table variables:

• Organization ID
• Email Domain
• Target URL
• Unique Certificate

As the Identity Provider, please configure your server with the following.

• Issuer (Audience URI): https://app.circa.co/saml/metadata?domain=your-email-domain.com
• Reply URL (Single sign on URL / Destination for SAML response): https://app.circa.co/saml/consume?domain=your-email-domain.com

You should replace your-email-domain.com above with your company's actual email domain in the URLs above.

If your Workspace uses a Custom Subdomain, you should also replace app.circa.co with your-custom-subdomain.circa.co in URLs above.

After You Have Configured Your Server:

Please email help@simplecirca.com with your:

• Identity Provider Certificate (.pem) → Unique Certificate
• Identity Provider Sign In URL → Target URL

We will create a record in our database table for your domain and Workspace. Allow one business day for us to verify. We will notify you immediately when we have made the change.

How does the user experience flow work?

1. User fills their company email in first step of sign in.
2. If the emails domain matches with any of the records in our database table, an additional "Sign in with {{Workspace Name}}" button is shown above all sign in options in the next step.
3. When clicked on that button the user is redirected to the Target URL.
4. Identity Provider checks the users identity either by already existing cookie or asking them to sign in via internal credentials.
5. Redirects to our Assertion Consumer Service URL along with encrypted SAML response.
6. Service Provider checks that response is correct and signs the user in.