Introducing SAML and Single-Sign-On
Security Assertion Markup Language (SAML) is a security standard for logging into applications. Single Sign-On (SSO) allows users to log in to many applications or websites via one set of login details. This is commonly used in big companies.
How SAML SSO works in Piktochart
The team Owner sets up SAML SSO.
Piktochart creates a SAML request and sends this to the identity provider (IdP).
The IdP checks your credentials to confirm they are correct.
The IdP sends a response to Piktochart to verify your identity.
Piktochart accepts the response and logs you into our system.
Setting up SAML and Single-Sign-On
- Make sure you are on your Team Dashboard
- Go to the profile icon at the upper right menu → Team Account Settings
Step 1: Enter your company domain (e.g. piktochart.com).
- Anyone with a similar subdomain email that doesn’t match e.g. dev.piktochart.com is not considered the same company domain.
- We do not accept generic domain email e.g. gmail.com
Step 2: Key in the respective fields in your IdP (If you have any issues, contact [email protected]):
- Audience (Entity ID)
- ACS (Consumer) URL
And map the following attribute statements in your IdP:
- "email" (user's email)
- "name" (user's name)
Step 3: Then, upload your SSO Provider XML file or fill up manually the SSO URL and SSO Certificate.
Step 4: Create a TXT record of the DNS token using your domain host. You can insert an email address to receive a notification when domain verification is completed.
All set! SAML SSO is going through the verification process and it may take up to 72 hours, depending on your domain host.
How do I deactivate users?
You need to access your IdP to deactivate users. Deactivating a user in your IdP removes the user’s access to log in via SAML SSO. However, the user can still log in using the email/password method.
Why am I receiving an error message when trying to log in using SAML SSO?
There are a few possibilities:
- Using Gmail: If you are currently using Gmail for your login, you’ll need to change your email address to match your company domain email that is verified for SAML SSO.
- Domain email doesn’t match: Your domain email is not the same as the company domain e.g. dev.piktochart.com instead of piktochart.com.
- In-progress configuration: If another team owner from the same company configures for the same company domain, you’ll experience an error when trying to set up SAML SSO. This can happen during the verification process and you’ll see this error message "This domain has already been set up for SAML".
I am a new user in Piktochart. My company has set up SAML. How can I login via SAML?
If you have not created an account in Piktochart, you will need to first create an account. Once this account has been confirmed, you will be able to use SAML SSO for subsequent logins.