What can I expect in the outbound SSO setup process?

Overview of outbound SSO

When Limeade acts as the Identity Provider (IdP), SSO is used to access sites or activities for Limeade partners, vendors, or a third-party company requested by the customer. This is regularly done to prevent the need for additional usernames/passwords for systems only utilized from the Limeade platform. 

Outbound SSO is typically tied to a specific event or activity in the Limeade platform, where a user will select the activity and go to the Service Provider’s (SP) site as the actionable item. 

Limeade utilizes SSO exclusively with SAML 2.0 for outbound SSO. Limeade encrypts SAML assertions and will provide our public key/certificate. 

Outbound SSO setup process

Once a request has been made to setup inbound SSO, the following actions are taken:

• Legal documents – any outstanding legal requirements must be complete prior to beginning outbound SSO work
• Questionnaire – partner or vendor fills out an outbound SSO questionnaire
• Finalize scoping – based on responses in the questionnaire, Limeade Data Operations will work with the partner or vendor to gather any missing information and provide guidance for those unfamiliar with SSO or SAML
• Swap metadata – both parties swap SAML metadata and X.509 certificates
• Configuration – both parties configure the SAML integration on their end and confirm when completed
• Create test users – Limeade supplies test users for the partner or vendor to test with
• Testing – The partner or vendor uses test users accounts to test the SSO connection and troubleshoot any issues
• Implementation to Production

The process can take anywhere from 6-8 weeks.

Outbound SSO Assertion

This is what is included in the default SAML assertion:

• EmployerName: The internal Employer Name for the customer in the Limeade platform 
  Example: “EmployerName=StarkCo” 

• Username: User’s self-ascribed Username in the Limeade platform 
  Example: “Username=JeannyBGoode” 

• Email: Email address on file for the user on the Limeade platform 
  Example: “Email=jean.vj@starkco.com” 

• EmployeeID: Employee ID in Limeade platform 
  Example: “EmployeeID=JVJ24601” 

• MemberID: Employee ID in the Limeade platform (same value as EmployeeID) 
  Example: “MemberID=JVJ24601” 

• FirstName: First name on file in the Limeade platform 
  Example: “FirstName=Jean” 
  
• LastName Last name on file in the Limeade platform 
  Example: “LastName=Valjean” 

Limeade can also provide additional user information, including location and Demographic tags in the Limeade platform. Limeade can also provide hard-coded values on a per-customer basis to help distinguish clients.