#From July 29 - August 2, we’ll be closing our live support channels in observance of a company holiday. You can still submit help requests online, and we’ll answer as quickly as possible.
#From July 29 - August 2, we’ll be closing our live support channels in observance of a company holiday. You can still submit help requests online, and we’ll answer as quickly as possible.

Setting up SAML SSO for your team

Single-sign on (SSO) is an authentication method allowing users to log into multiple resources using one set of credentials. Prezi features SAML SSO that significantly improves the ease and security of User Management for your team. 

Pro Tip: To find the answers for the most frequently asked questions in connection with SAML SSO for teams, please read this article.

Setting up SAML SSO

You must be the Team Admin in Prezi and also have the right to manage your SAML SSO Provider settings in order to set up SAML SSO for your Prezi Team.

First of all, you will have to enable SAML SSO for your team or organization. After validation (sign out and sign back in with SSO), you will be able to enforce it to all your team members.

Note: For detailed instructions on configuring your identity provider, please go to these articles on configuring OneLogin, Okta, AuthO and Microsoft Active Directory.


General SAML configuration

To manually configure your SAML app please follow this list of required configurations:

1. Configure app claims. Prezi requires three claims to be passed:

    • Email as SAML NameID

    • First Name as given_name

    • Last Name as family_name

2. In your IdP set Audience to be https://prezi.com/ and Single sign on URL (or ACS) to https://prezi.com/complete/saml/

3. Download Certificate (Base64) and copy its content to team admin Certificate (X.509) field.

4. Copy IdP Entity ID, also known as IdP Issuer to team admin Identifier or issuer URL field.

5. Copy Single Sign On URL to team admin SAML 2.0 Endpoint (HTTP) field.

 

Enabling SAML SSO:

1. Log in at Prezi.com with your Team Admin account and go to “Admin Console".

2. From the “Admin Console”, click the “Settings” tab. 

3. Navigate to the “SAML Single Sign-On” section and use the switch to enable SSO.

SSO_Disabled_and_Enforce_Disabled.png4. Fill out the required information that you can get from your SSO Provider. To receive this information from the provider, you will be asked to share some data. We've provided this data with “Copy” buttons next to the fields for ease of use. 

5. Click “Save” after you have filled out all fields.

6. Test SAML SSO. Log out from your account and log in by using SAML SSO this time. 

SSO_Switched_on_-_Enabled_Success.png

Note: By following these steps, SSO should be successfully enabled. If the “Log in with SSO” didn't work out, you can still log in with the regular method. If the issue cannot be fixed, please contact our Support team

Enforcing SAML SSO:

Use “Enforced SAML SSO” to set this as the only authorization method for your team members. The option can only be enabled after successfully enabling and testing SAML SSO authorization. 

1. Visit the SAML SSO section of the "Admin Console" again.

2. Enable “Enforce SAML SSO” by ticking the box next to it.

Turn_off_SSO_-_SSO_On.png

After a double confirmation, all your Team Members who haven't used SAML SSO to log in at Prezi.com will be logged out. They will have to log back in, but this time by using SAML SSO.

Note: We strongly recommend informing your colleagues before enabling “Enforced SAML SSO”.

Disabling SAML SSO for your team

To disable enforced SAML SSO, go back to the SAML SSO section of the "Admin console and untick the box next to "Enforce SAML Single sign-on".

To disable SAML SSO altogether, use the switch next to "Use SAML Single sign-on" You will have to verify this action in a pop-up window before finalizing the step.

Turn_off_SSO_-_Modal.png

Please know that team members can only use the SAML SSO authorization method while it's enforced. Once it is disabled, users will be able to use any other authorization method that is associated with their email, including SAML SSO if it's still enabled (even though not enforced).

Note: After disabling SAML SSO completely, team members will still be able to use other authorization methods. You might have two groups of team members with different authorization settings.

Before disabling SAML SSO, please read the below information on how this will affect the above-mentioned two groups of team members.

1. Members who used other authorization methods before Enabling SSO, such as Facebook, Google or email: After disabling SAML SSO, these users will be able to log in at Prezi.com with their other authorization method. No email will be sent to this group to inform them about the changes.

2. Members who were added through the SAML SSO provider without any other authorization method in place: Once SAML SSO is disabled, Prezi will send an email asking these users to create a password for their new account. After doing so, users will be able to log in again with the same email address and the new password. Users will also be able to create their new password manually by using the regular "Reset password" flow on the login page.

 

Was this article helpful?

We're here to help

Got a question? Reach out to our support team.

contact support buoy icon

Contact support