How To Set up SSO for Reflectivity Team

Available for Reflectivity team users of Reflectivity web, Swivl Capture app

(Looking for M2 and Mirrortalk SSO setup steps? Please click here!)

SSO (Single Sign-On) authentication allows your team members to securely log into the Swivl Capture app or Reflectivity web platform with ease and simplicity. It is possible to both sign in and sign up using SSO. Teachers, coaches, and students use their institutional login and password to access their Reflectivity team account. It is a time-saving, convenient, and secure process of logging in and using Reflectivity solution.

We support all SSO providers that can act as a SAML Identity Provider. Please note that our platform supports only SP-initiated SSO. This means that users must begin the authentication process by navigating to https://cloud.swivl.com/sso/login and entering their email address, after which they will be directed to complete the login process. IdP-initiated SSO is not supported.

❗❗Make sure to use SSO sign in at https://cloud.swivl.com/sso/login or in our Swivl Capture or Reflectivity apps.
SSO sign in Reflectivity.gif

What needs to be configured on your side

Create a new Service Provider profile with the following settings:

Service Provider Name: Swivl Cloud
Entity ID: https://cloud.swivl.com/sso
Metadata: http://cloud.swivl.com/sso/metadata.xml
You need to setup the system so that it sends us the following attributes:

First name
Last name
Email address

Information we need from you as the Identity Provider:

Identity Provider Name (example: TTU)
Email domain (example: ttu.edu)
Entity ID (example: https://idp.shibboleth.ttu.edu/idp/shibboleth)
URL to metadata.xml (example:https://idp.shibboleth.ttu.edu/idp/shibboleth)
Names of the attributes (e.g. FirstName/LastName/Email)
Email this information to your primary Swivl contact or to support@swivl.com

How to test the SSO connection

Visit page https://cloud.swivl.com/sso/login
Enter Email address in your domain and press the “Sign in” button
You should be redirected to your IdP sign in page
Sign in on IdP using your credentials
You should then be redirected back to Swivl Teams
Notify us about successful SSO connection test and we will setup attribute mapping on our side
Sign in with SSO again and you should see the correct First and Last name

Microsoft Entra ID SSO (Azure AD) integration with Reflectivity
- Microsoft Entra ID is the new name for Azure AD
  
  To configure Azure AD integration, you must be an administrator in Azure and have the Admin account (not Co-Admin) in AlertSite.
  
  To create an application in Azure AD, follow the next steps:
  
  1. Log in to the your Azure portal as an administrator: https://portal.azure.com/
  
  2. Go to Azure Active Directory:
  
  3. Select Enterprise Applications:
  
  4. Click New application.
  
  5. On the Add an application page, choose Non-gallery application.
  
  6. In the Name field enter Swivl Teams. Click Add or Create.
  
  7. Select Single sign on and select SAML.
  
  8. On the Single sign-on page, click the edit button at the top right of the Basic SAML Configuration section.
  
  9. Under basic SAML configuration section, perform the following steps:
  - Identifier (Entity ID): https://cloud.swivl.com/sso
  - Reply URL (Assertion Consumer Service URL): https://cloud.swivl.com/sso/login_check
  - Sign on URL: blank
  - Relay State: blank
  - Logout URL: blank
  10. Click the edit button next to User Attributes & Claims and configure the Claims for the application:
  
  11. Check and update the Claims if needed:
  
  givenname
  - Name: givenname
  - Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  - Source attribute: user.givenname
  surname
  - Name: surname
  - Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  - Source attribute: user.surname
  email address
  - Name: email address
  - Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  - Source attribute: user.mail
  12. Download the Federation Metadata XML file and keep it handy. You'll need this in the next step.
  
  Setup SSO connection with Swivl Platform
  
  Information we need from you as the Identity Provider:
  1. Identity Provider Name (example: TTU)
  2. Email domain (example: ttu.edu)
  3. Send us URL to metadata.xml file downloaded on the step 12(example: https://idp.shibboleth.ttu.edu/idp/shibboleth)
  4. Email this information to your primary Swivl contact or to support@swivl.com
  How to test the SSO connection:
  1. Visit page https://cloud.swivl.com/sso/login
  2. Enter Email address in your domain and press the “Sign in” button
  3. You should be redirected to your IdP sign in page
  4. Sign in on IdP using your credentials
  5. You should then be redirected back to Reflectivity (Teams)
  6. Notify us about successful SSO connection test and we will setup attribute mapping on our side
  7. Sign in with SSO again and you should see the correct First and Last name.
OneLogin SSO connection with Reflectivity (Teams)
- Configure OneLogin
  1. Log in to the OneLogin Dashboard, and click in the top menu Applications > Add App
  2. Search for SAML, and select SAML Custom Connector (Advanced)
  3. Specify Display Name “Teams” and press Save
  4. Go to the SSO tab and copy the value for Issuer URL
  5. Go to the Configuration tab, fill the following fields and press Save:
  6. Go to the Parameters tab:
    - Field name: Email
    - Include in SAML assertion: yes
    - Value: Email
    - Field name: First Name
    - Include in SAML assertion: yes
    - Value: First Name
    - Field name: Last Name
    - Include in SAML assertion: yes
    - Value: Last Name
  Email this information to your primary Swivl contact or to support@swivl.com
  1. Email domain or team name
  2. SSO provider: OneLogin
  3. Issuer URL