    How to connect your SAML provider to Upscope

    Connecting Your SAML Provider to HelloScreen

    HelloScreen provides a generic auth provider for SAML2-based authentication, allowing you to connect any SAML2-enabled IdP system.

    Supported SAML Services

    HelloScreen supports the following SAML services:

    • Identity and Service Provider initiated SSO
    • Identity Provider initiated SLO (Single Logout)

    Connect Your IdP to HelloScreen

    To connect your IdP to HelloScreen, navigate to the SAML section of the membership settings. You'll find these under General Settings » Team settings & SSO » SAML.

    1. Change the Enable SAML SSO setting to Yes.

    2. Scroll to the bottom of the page to find the Configuration information, which includes:

      Configuration | Description
      SAML Consumer URL | Used to log you into HelloScreen. This could also be called Assertion Consumer Service.
      SAML Single Logout URL | Used to log you out of HelloScreen when you log out in your IdP.
      SAML Entity ID | This could also be called Metadata, and it identifies your HelloScreen team.

    3. Create a custom application in your IdP using the information above. Your IdP will then provide you with either an XML file or a Metadata URL.

      • If you are given a Metadata URL, enter it under the IdP Metadata URL setting on the HelloScreen website.
      • If you are given an XML file, copy its content to your clipboard and paste it into the IdP Metadata XML setting on the same page.
    4. Save the settings, and SAML will be fully set up.

    Options

    In the SAML section, you'll find the following options:

    Option | Description
    Automatically provision new SAML users? | Set up HelloScreen to automatically create an account for users logging in with SAML, without needing manual invitations. They will receive your default permission set (typically "start session" and "view user list"). If set to no, an admin must invite new agents on the members page before they can log in.
    Exclude root user from SAML SSO requirement? | If set to yes, the root user (Account Owner) will not be required to log in through SAML and can use a password or a magic link. This is useful if you use an email address for cloud operations that is not part of your IdP.