Setting Up Single Sign-On (SSO)

🚧

Single-Sign-On is an Enterprise Feature

Contact [email protected] if you are interested!

ReadMe supports the following SAML 2.0 based SSO providers:

  • Active Directory / LDAP
  • ADFS
  • G Suite
  • IP Address Authentication
  • Office 365
  • OpenID Connect
  • PingFederate
  • SAMLP Identity Provider
  • Sharepoint Apps
  • Microsoft Azure AD

Once users log in to ReadMe via the proper login URL https://sso.readme.io/auth/login/YOUR_CONNECTION_NAME they will see all projects associated with the Enterprise account but will only get access to a project after they are added as a user under the members page by an existing Admin.

Implementation Workflow

As of now, here is the flow for setting up an SSO connection with ReadMe

  1. Speak to the CSM to discuss necessary requirements. Usually, this consists of the ACS URL and the X509 Cert. Having these ready will definitely help with the process.
  2. On the call, we will discuss how you will use the connection.
  • Sometimes, our customers will want to use the SSO connection to authenticate and authorize their customers (our end-user) to access the Hubs.
  • In other scenarios, our customers will want to use the connection to authorize their own members to access the documentation.
  1. A ReadMe engineer will set up the connection in our service provider (Auth0) and the CSM will get back to you.
  2. You can test the connection and see that it is working.

What you need to send us for SAMLP

Our permissions system and SAML

By default, every member that signs in with SAML does not have access to the projects (either parent project or child project). The members that do, can log in, and request access for the project.

🚧

Please note!

Just because a user has access to SAML, does not mean they have access to a ReadMe project.

There are two ways you can approve a member through our permission system:

  1. As an administrator, you can approve/reject requests for permission to access that project. So as members (internal/external) log into your authentication service, they can request access.
  2. After you have set up your SAML connection, you can add emails in the input form of the members dashboard. You can specify the usertype as "Read Only" or "Admin"

A user can also request access to a project and an Admin can accept or decline that request. In the members page, the admins can also specify whether a new user should be an Admin or Read Only.

📘

This is the doc for the new SAML connection

If you want to gain access to some new SSO features. Please contact your CSM


Did this page help you?