Integrating Single Sign-On (SSO)
Smartling provides Enterprise customers wishing to manage their users via their company’s Single Sign-On (SSO) server with two integration options. We work with major authentication systems including Okta, ADFS, and Google.
OpenID Connect 1.0
OpenID Connect (OIDC), is a JSON-based identity management layer built on top of the OAuth 2.0 protocol. You may work with Smartling engineering to integrate their OIDC service as an upstream identity provider. Once configured, you can use your OIDC service to authenticate users to Smartling. Login is initiated using one of the flows below.
This is the recommended integration option for SSO.
If required, Security Assertion Markup Language 2.0 (SAML) can also be integrated for SSO.
SAML requires more implementation effort as it is an XML-based standard for exchanging authentication and authorization data between security domains. As this also requires manual key rotation, you will have to work with Smartling engineering to integrate.
Smartling supports two login flows for initiating login from Smartling.com services using your authentication server.
Link Based Login
Customers who maintain an internal portal and expect users to follow links from this portal into Smartling may use our link based flow. For this flow to work, Smartling will provide a link to your account or project, such as:
Account links: https://sso.smartling.com/sso-apps/dashboard/accounts/1111111
Project links: https://sso.smartling.com/sso-apps/dashboard/accounts/1111111/projects/2222222
When following one of the links above, Smartling’s SSO server will know to use your company ODIC or SAML service for authentication. Instead of seeing the Smartling login form, the user will immediately be redirected to your login URL. When login completes on your authentication service, the user will be redirected back to Smartling and fully authenticated.
Form Based Login
If you expect users to access Smartling.com services via a direct link, you may prefer to use our form based login flow. With form based logins, users will see the normal Smartling login form, however, they will not be required to input a password.
Based on the domain configured with Smartling for SSO, the user will be redirected to your login URL. When login completes on your authentication service, the user will be redirected back to Smartling and fully authenticated.
For example, if your company domain is @example.com, the authentication flow can be configured to redirect all email@example.com login attempts to your SSO server when the user enters credentials on Smartling’s login form. Using this flow, the password field on the Smartling login form will be ignored.
Contact your Smartling representative about setting up SSO