Smartling provides Enterprise customers wishing to manage their users via their company’s Single Sign-On (SSO) server with two integration options. We work with major authentication systems including Okta, ADFS, and Google.
When SSO has been integrated, and you invite users to Smartling, they must first activate their account with a placeholder password. After doing so, SSO will be activated from that user's next log in.
OpenID Connect 1.0
OpenID Connect (OIDC), is a JSON-based identity management layer built on top of the OAuth 2.0 protocol. You may work with Smartling engineering to integrate their OIDC service as an upstream identity provider. Once configured, you can use your OIDC service to authenticate users to Smartling. Login is initiated using one of the flows below.
This is the recommended integration option for SSO.
If required, Security Assertion Markup Language 2.0 (SAML) can also be integrated for SSO.
SAML requires more implementation effort as it is an XML-based standard for exchanging authentication and authorization data between security domains. As this also requires manual key rotation, you will have to work with Smartling engineering to integrate.
Optional Configurations
Auto-registration
Smartling can enable automatic user registration for users that do not currently have Smartling accounts. If this feature is enabled, new users will automatically be granted the Requester user role the first time they log in.
Tip: Consult your Solutions Architect to enable this feature for specific projects.
SSO Enforcement
Enabling SSO does not require users to log in with their SSO credentials. Once SSO is enabled, your users can use SSO or their existing Smartling Dashboard passwords. Smartling can enable SSO enforcement for specific domains and require users to use SSO.
Tip: Consult your Solution Architect to enable this feature for specific domains.
Login Flows
Smartling supports two login flows for initiating login from Smartling.com services using your authentication server.
Link-Based Login
Customers who maintain an internal portal and expect users to follow links from this portal into Smartling may use our link-based flow. For this flow to work, Smartling will provide a link to your account or project, such as:
Account links: https://sso.smartling.com/sso-apps/dashboard/accounts/1111111
Project links: https://sso.smartling.com/sso-apps/dashboard/accounts/1111111/projects/2222222
When following one of the links above, Smartling’s SSO server will know to use your company ODIC or SAML service for authentication. Instead of seeing the Smartling login form, the user will immediately be redirected to your login URL. When login completes on your authentication service, the user will be redirected back to Smartling and fully authenticated.
Form-Based Login
If you expect users to access Smartling.com services via a direct link, you may prefer to use our form-based login flow. With form-based logins, users will see the normal Smartling login form. However, they will not be required to input a password.
Based on the domain configured with Smartling for SSO, the user will be redirected to your login URL. When login completes on your authentication service, the user will be redirected back to Smartling and fully authenticated.
For example, if your company domain is @example.com, the authentication flow can be configured to redirect all user@example.com login attempts to your SSO server when the user enters credentials on Smartling’s login form. Using this flow, the password field on the Smartling login form will be ignored.
Contact your Smartling representative about setting up SSO