Single Sign-On (SSO) - Main Configuration

Single Sign-On (SSO) allows users to authenticate once and gain access to multiple applications without logging in to each one separately.

Configuring SSO involves entering details supplied by your Identity Provider (IdP). Follow these steps to configure SSO on your Drimify account:

Required information from identity provider (IdP)



Before starting the configuration, you will need the following details from your IdP:

* Identity provider entity ID (Issuer URL)
* Single sign-on service URL
* Single logout service URL
* X509 Certificate
* Encryption X509 certificate (optional)

Step-by-step configuration guide



Step 1: Enter identity provider details



Identity Provider Entity ID (Issuer URL)
Description: The Entity ID (also known as the Issuer URL) is a unique identifier for your IdP. It is usually a URL.
Example: https://idp.example.com/

Single Sign-On Service URL
Description: The Single Sign-On Service URL is the endpoint where the authentication request is sent. This URL is provided by your IdP.
Example: https://idp.example.com/sso/saml

Single Logout Service URL
Description: The Single Logout Service URL is the endpoint used to log out from the IdP.
Example: https://idp.example.com/slo/saml

X509 Certificate
Description: The X509 Certificate is used to verify the identity of the IdP and secure the communication between your platform and the IdP.
Example: A certificate text beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.

Encryption X509 Certificate (Optional)
Description: This certificate is used for encrypting the SAML assertions. It's optional and depends on your security requirements.
Example: A certificate text beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.

Step 2: Save and test configuration



After entering all the required information, click on the Save button to apply the settings.

Important: Testing the SSO configuration can only be done using the direct link to your application. The SSO functionality will not work in preview mode.

Ensure that you have set up the SSO game detail within your SSO platform to accept calls from Drimify. These settings can be found in the game publish section at the bottom of the page.

Test the configuration by initiating a login through your IdP using the direct application link to ensure everything is set up correctly.


Configuring Authentication Method



When setting up Single Sign-On (SSO) in your Drimify account, you can define the authentication method (authenticationMethod), which specifies how users authenticate with the Identity Provider (IdP). This setting allows you to enforce a particular authentication level, ensuring compliance with your organisation’s security policies.

You can choose from the following authentication methods:

* Disable option – Removes this setting from the SSO configuration, preventing any specific authentication method from being enforced.
* None (Allow IdP to decide) – No specific authentication method is enforced; the IdP determines the authentication mechanism.
* Password Authentication – Standard username and password authentication.
* Password Protected Transport – Password authentication over a protected transport layer (e.g. TLS).
* X.509 Certificate Authentication – Authentication using an X.509 certificate.
* PKI Authentication – Public Key Infrastructure (PKI)-based authentication.
* Kerberos Authentication – Authentication via a Kerberos ticket.
* Smartcard Authentication – Login using a smartcard.
* Smartcard PKI Authentication – Smartcard authentication with PKI.
* Time-Synchronous Token – One-time password (OTP) generated via time-synchronous tokens.
* Mobile One-Factor / Two-Factor Authentication – Authentication via a mobile device, either with a single or two-factor method.
* IP Address Authentication – Authenticates users based on their IP address.
* IP Address with Password – Requires both IP-based authentication and a password.
* Previous Session Authentication – Reuses a previously authenticated session.
* Unspecified Authentication – No specific authentication method is defined.

To configure this in your form, simply select the desired method from the dropdown menu. If no method is explicitly set, the IdP will determine the authentication type.
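When troubleshooting an enforced method, it helps to see which authentication context the IdP actually asserted. The sketch below is an added example, not Drimify code: it assumes the dropdown labels correspond to the standard SAML 2.0 authentication context class URIs (the page does not state the encoding) and compares them by exact match against a constructed assertion fragment.

```python
import xml.etree.ElementTree as ET

AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REF_PATH = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"

# Assumed label-to-class mapping; labels with no single obvious class
# (PKI, Mobile One-Factor / Two-Factor) are left out.
LABEL_TO_CLASS = {
    "Password Authentication": AC + "Password",
    "Password Protected Transport": AC + "PasswordProtectedTransport",
    "X.509 Certificate Authentication": AC + "X509",
    "Kerberos Authentication": AC + "Kerberos",
    "Smartcard Authentication": AC + "Smartcard",
    "Smartcard PKI Authentication": AC + "SmartcardPKI",
    "Time-Synchronous Token": AC + "TimeSyncToken",
    "IP Address Authentication": AC + "InternetProtocol",
    "IP Address with Password": AC + "InternetProtocolPassword",
    "Previous Session Authentication": AC + "PreviousSession",
    "Unspecified Authentication": AC + "unspecified",
}

def asserted_classes(assertion_xml):
    """List the AuthnContextClassRef values. Use only on a signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    return [(ref.text or "").strip() for ref in root.findall(REF_PATH, NS)]

def check_method(assertion_xml, required_label):
    """Return (ok, reason). required_label=None models 'None (Allow IdP to decide)'."""
    got = asserted_classes(assertion_xml)
    if required_label is None:
        return True, "no method enforced; IdP asserted %s" % (got or "nothing")
    want = LABEL_TO_CLASS[required_label]
    if not got:
        return False, "assertion carries no AuthnContextClassRef"
    if all(g == want for g in got):
        return True, "matched " + want
    return False, "IdP asserted %s, required %s" % (got, want)

# Constructed sample: only the elements this check reads, signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2025-03-26T09:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

print(check_method(SAMPLE, "Password Protected Transport"))
```

A mismatch like the one printed here is the situation the troubleshooting tip on authentication method issues describes: the IdP authenticated the user, but not with the class that was required.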

Troubleshooting tips



* Incorrect entity ID or URLs: Verify that you have copied the correct URLs and Entity ID from your IdP’s configuration.
* Certificate issues: Ensure that the certificates are in the correct format and have not expired.
* SSO Platform configuration: Double-check that you have configured the SSO game detail within your SSO platform to accept calls from Drimify.
* Authentication method issues: If users are unable to authenticate, check that the selected authentication method is supported by your IdP. If needed, try setting it to "None (Allow IdP to decide)" to troubleshoot compatibility issues.
* The game loads without the SSO enabled: Make sure you have enabled the SSO within your game configuration and that your plan includes this Premium option.
* Contact support: If you encounter issues, contact our support team.

Updated on: 26/03/2025
