Enterprise SSO - Complete Configuration Guide
Enterprise Single Sign-On (SSO) allows your organization to authenticate users into the Drimify platform using your existing Identity Provider (IdP). This is distinct from any SSO or authentication mechanisms used within games or experiences created on Drimify.
Users with your company domain can securely log in to the Drimify platform without creating separate passwords, and will automatically be assigned to the correct workspace.
This guide covers:
- Available SSO protocols
- OAuth 2.0 configuration
- SAML 2.0 configuration
- Default workspace assignment
- Domain verification (DNS)
- How platform login works
Available SSO Protocols
You can configure Enterprise SSO for platform login using one of the following protocols:
1. OAuth 2.0 (OpenID Connect)
Recommended for modern Identity Providers. Used by:
- Microsoft Entra ID
- Okta
- Custom OIDC providers
OAuth 2.0 relies on authorization flows and user info endpoints to retrieve user identity securely.
2. SAML 2.0
Widely used in enterprise environments. SAML uses XML-based authentication assertions exchanged between your Identity Provider and Drimify.
Creating a New SSO Configuration
Go to: Admin → Enterprise SSO → New Configuration
You will need to define:
- Configuration Name
- Email Domain
- SSO Protocol (OAuth 2.0 or SAML 2.0)
Once saved, domain verification will be required before enabling the SSO for platform login.
Email Domain
Enter the domain associated with your organisation. Example: company.com
Users logging in to the Drimify platform with @company.com will automatically be redirected to your SSO provider.
OAuth 2.0 Configuration
Select OAuth 2.0 as the SSO protocol. You must create an OAuth / OpenID Connect application in your Identity Provider first.
Redirect URI (Required in your IdP)
When creating the OAuth application, configure this Redirect URI:
https://my.drimify.com/en/sso/callback/oauth
Client Credentials
- Client ID: Public identifier provided by your Identity Provider.
- Client Secret: Private key associated with your OAuth application. Keep it secure.
OAuth Endpoints
| Endpoint | Description | Example |
|---|---|---|
| Authorisation URL | Where users are redirected to log in | |
| Access Token URL | Exchanges the auth code for an access token | |
| Resource Owner URL | Returns user identity after authentication | |
Scopes
Enter scopes as a comma-separated list. For standard OpenID Connect:
openid, profile, email
These allow access to: unique user ID, email address, first name, last name.
Attribute Mapping
Your Identity Provider returns user data in JSON format. Define which fields map to required values:
| Field | Example value |
|---|---|
| ID Field | |
| Email Field | |
| First Name Field | |
| Last Name Field | |
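A pre-flight check for the mapping above, added here as an example and not taken from Drimify: it applies a mapping to one IdP response and reports fields that come back empty, plus an email outside the SSO domain. The mapping keys, the dotted-path convention and the sample response are assumptions for illustration.

```python
import json

# Constructed sample: a userinfo response as an OIDC IdP might return it
# for the scopes "openid, profile, email". All values are made up.
SAMPLE_USERINFO = json.loads("""{
  "sub": "00u1abcd2345",
  "email": "Ada.Lovelace@Company.com",
  "given_name": "Ada",
  "family_name": "Lovelace"
}""")

# Hypothetical mapping: the four fields of the Attribute Mapping table, each
# pointing at a key in the IdP's JSON (dots reach into nested objects).
MAPPING = {"id": "sub", "email": "email",
           "first_name": "given_name", "last_name": "family_name"}


def lookup(doc, path):
    """Follow a dotted path through nested dicts; None if any step is missing."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def preflight(userinfo, mapping, sso_domain):
    """Return (mapped_user, problems) for one IdP response."""
    user, problems = {}, []
    for field, path in mapping.items():
        value = lookup(userinfo, path)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{field}: nothing usable at '{path}'")
            continue
        user[field] = value.strip()
    email = user.get("email", "")
    if email:
        # Compare the part after the last "@" exactly, not as a suffix match.
        local, _, domain = email.rpartition("@")
        if not local or domain.lower() != sso_domain.lower():
            problems.append(f"email: '{email}' is not in @{sso_domain}")
    return user, problems
```

An empty `problems` list for a real test user's response means all four fields resolve; a missing `email` entry usually points back to the scopes configured for the application.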
SAML 2.0 Configuration
Select SAML 2.0 as the protocol. You will need the following values from your Identity Provider:
- Identity Provider Entity ID (Issuer URL): Unique identifier of your IdP.
- Single Sign-On Service URL: The endpoint where authentication requests are sent.
- Single Logout Service URL (Optional): Endpoint used for single logout.
- X509 Certificate: Public certificate used to validate SAML assertions.
- Encryption X509 Certificate (Optional): Used if your provider requires encrypted assertions.
- Requested Authentication Context (Optional): Defines required authentication strength (e.g. MFA). Leave disabled unless required.
Service Provider Information
After saving your SAML configuration, Drimify will generate values required by your Identity Provider:
- Service Provider Entity ID (Metadata URL)
- Assertion Consumer Service (ACS URL)
- Single Logout Service (SLS URL)
These must be added to your Identity Provider configuration.
Default Workspace Settings
Enterprise SSO allows automatic workspace assignment for all users logging in to the platform via SSO. You must define:
- Workspace: All users authenticating via this SSO will automatically join this workspace.
- Default Department: Users will be assigned to this department.
- Predefined Role: Defines the default permissions granted to new users on first platform login via SSO.
Domain Verification (DNS Required)
After saving your SSO configuration, domain verification is mandatory before SSO can be activated for platform login.
To verify ownership:
- A DNS TXT record will be generated.
- Add the TXT record to your domain's DNS settings.
- Click "Verify Domain" inside the platform.
Example record:
Type: TXT
Host: company.com
Value: drimify-domain-verification=xxxxxxxxxxxxxxxx
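A way to confirm the record is visible before clicking "Verify Domain", added here as an example and not part of Drimify's tooling: it parses `dig +short TXT` output and requires an exact match against the generated value. The resolver list and the sample output are assumptions; the live lookup needs the `dig` binary and network access.

```python
import shlex
import subprocess

RESOLVERS = ["1.1.1.1", "8.8.8.8"]  # public resolvers, chosen for illustration


def txt_values(dig_output):
    """Turn `dig +short TXT` output into one string per TXT record.

    dig prints each record on its own line as one or more quoted chunks;
    the chunks of a record are concatenated without a separator.
    """
    records = []
    for line in dig_output.splitlines():
        if line.strip():
            records.append("".join(shlex.split(line)))
    return records


def is_published(dig_output, expected):
    """True only if one TXT record equals the expected value exactly."""
    return expected in txt_values(dig_output)


def check_propagation(domain, expected, resolvers=RESOLVERS):
    """Ask each resolver directly and report which ones see the record."""
    result = {}
    for ip in resolvers:
        out = subprocess.run(["dig", "+short", "TXT", domain, f"@{ip}"],
                             capture_output=True, text=True, timeout=10).stdout
        result[ip] = is_published(out, expected)
    return result


# Constructed sample output: an SPF record alongside the verification record,
# using the placeholder value from the example record above.
SAMPLE = '''"v=spf1 include:_spf.company.com ~all"
"drimify-domain-verification=xxxxxxxxxxxxxxxx"
'''
```

A resolver that still reports `False` after the record was added is typically serving a cached answer; the TTL on the zone bounds how long that lasts.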
How Platform Login Works
- User navigates to the Drimify platform and enters their email address.
- If the domain matches a configured SSO, they are automatically redirected to your Identity Provider.
- After successful authentication, they are redirected back to Drimify.
- If new, their platform account is created automatically and assigned to the configured workspace and role.
Testing Your SSO
Before enabling for all users:
- Test with a user from your domain
- Confirm email mapping works correctly
- Verify first and last names populate properly
- Test logout behaviour
- Ensure the redirect URI matches exactly
Common Issues
SSO response did not include an email address
→ Ensure the email scope is included (OAuth) or the email attribute is mapped (SAML).
Invalid redirect URI
→ Confirm it matches exactly: https://my.drimify.com/en/sso/callback/oauth
Domain not verified
→ Ensure the DNS TXT record is correctly added and fully propagated.
Security Recommendations
- Never expose your Client Secret.
- Use HTTPS-only endpoints.
- Restrict your IdP application to your organisation.
- Regularly rotate credentials where possible.
Updated on: 06/05/2026
