Overview of outbound SSO
When Limeade acts as the Identity Provider (IdP), SSO is used to access sites or activities for Limeade partners, vendors, or a third-party company requested by the customer. This is regularly done to prevent the need for additional usernames/passwords for systems only utilized from the Limeade platform.
Outbound SSO is typically tied to a specific event or activity in the Limeade platform, where a user will select the activity and go to the Service Provider’s (SP) site as the actionable item.
Limeade utilizes SSO exclusively with SAML 2.0 for outbound SSO. Limeade encrypts SAML assertions and will provide our public key/certificate.
Outbound SSO setup process
Once a request has been made to set up inbound SSO, the following actions are taken:
- Legal documents – any outstanding legal requirements must be complete prior to beginning outbound SSO work
- Questionnaire – partner or vendor fills out an outbound SSO questionnaire
- Finalize scoping – based on responses in the questionnaire, Limeade Data Operations will work with the partner or vendor to gather any missing information and provide guidance for those unfamiliar with SSO or SAML
- Swap metadata – both parties swap SAML metadata and X.509 certificates
- Configuration – both parties configure the SAML integration on their end and confirm when completed
- Create test users – Limeade supplies test users for the partner or vendor to test with
- Testing – the partner or vendor uses the test user accounts to test the SSO connection and troubleshoot any issues
- Implementation to Production
The process can take anywhere from 6-8 weeks.
Outbound SSO Assertion
This is what is included in the default SAML assertion:
- EmployerName: The internal Employer Name for the customer in the Limeade platform
- Username: User’s self-ascribed Username in the Limeade platform
- Email: Email address on file for the user on the Limeade platform
- EmployeeID: Employee ID in Limeade platform
- MemberID: Employee ID in the Limeade platform (same value as EmployeeID)
- FirstName: First name on file in the Limeade platform
- LastName: Last name on file in the Limeade platform
Limeade can also provide additional user information, including location and Demographic tags in the Limeade platform. Limeade can also provide hard-coded values on a per-customer basis to help distinguish clients.
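For a Service Provider consuming the default assertion listed above, the following added example (not Limeade code) validates the attribute payload after the SP's SAML library has decrypted the assertion and verified its signature. It assumes each attribute's SAML Name is exactly the name in the list above; `expected_employer`, `build_sample` and the sample values are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Default attributes from the list above. Assumption: each is sent with
# exactly this string as the SAML Attribute Name.
REQUIRED = ("EmployerName", "Username", "Email", "EmployeeID",
            "MemberID", "FirstName", "LastName")
# Constructed sample values, not real Limeade data.
SAMPLE_VALUES = [("EmployerName", "ExampleCo"), ("Username", "jdoe"),
                 ("Email", "jdoe@example.com"), ("EmployeeID", "1001"),
                 ("MemberID", "1001"), ("FirstName", "Jane"), ("LastName", "Doe")]

def build_sample(pairs):
    """Build a constructed, already-decrypted assertion for testing."""
    body = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>' for k, v in pairs)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS["saml"]}">'
            f'<saml:AttributeStatement>{body}</saml:AttributeStatement>'
            f'</saml:Assertion>')

def extract_attributes(assertion_xml, expected_employer):
    """Validate and return the default attributes as a name -> value dict.

    Call only after the SAML library has decrypted the assertion and
    verified its signature and conditions; this checks the payload only.
    """
    if "<!DOCTYPE" in assertion_xml:  # SAML never needs a DTD; refuse one
        raise ValueError("DTD not allowed in assertion")
    root = ET.fromstring(assertion_xml)
    seen = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        if name in seen:  # a repeated name makes the value ambiguous
            raise ValueError(f"duplicate attribute: {name}")
        seen[name] = [(v.text or "").strip()
                      for v in attr.findall("saml:AttributeValue", SAML_NS)]
    out = {}
    for name in REQUIRED:
        values = seen.get(name, [])
        if len(values) != 1 or not values[0]:
            raise ValueError(f"missing or multi-valued attribute: {name}")
        out[name] = values[0]
    if out["EmployeeID"] != out["MemberID"]:  # page: same value in both
        raise ValueError("EmployeeID and MemberID differ")
    if out["EmployerName"] != expected_employer:  # keep customers separate
        raise ValueError("assertion issued for a different employer")
    return out
```

Additional attributes such as location or demographic tags are parsed but not returned here; extend `REQUIRED` or read them separately once the scoping step has fixed which ones are sent.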