Generic workflow for configuring Single Sign On

Configuring your IdP settings

Configuration varies with each IdP.

Lifesize Cloud requires these settings in your IdP:

  • Assertion Consumer Service (ACS) URL:  https://login.lifesizecloud.com/ls/?acs
  • Attribute names or statements (firstname, lastnameemail) which must match those in Lifesize Cloud. Note: The following Name ID format is required:

urn:oasis:names:tc:SAML:2.0:nameid-format:transient

  • Entity Id: https://login.lifesizecloud.com/ls/metadata/
  • URL that your IdP uses to receive single sign-on requests.  This URL must match the value in the Login URL field in Lifesize Cloud (Advanced Settings > SSO Integration — SSO Configuration).
  • Default Relay State: Matches the Relay State field in Lifesize Cloud. Note: The Relay State field will be populated after you have entered your settings and clicked Test in Lifesize Cloud. See Configuring SSO below.
  • X.509 encoded security certificate:
-----BEGIN CERTIFICATE-----MIIEHzCCAwegAwIBAgIJAOeNkbnxVVV/MA0GCSqGSIb3DQEBBQUAMIGlMQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExEjAQBgNVBAcMCUJhbmdhbG9yZTERMA8GA1UECgwITGlmZXNpemUxFzAVBgNVBAsMDkNvbW11bmljYXRpb25zMRowGAYDVQQDDBFsaWZlc2l6ZWNsb3VkLmNvbTEtMCsGCSqGSIb3DQEJARYecHJvZHVjdG1hbmFnZW1lbnRAbGlmZXNpemUuY29tMB4XDTE1MDcwNjEwMTIxNloXDTI1MDcwMzEwMTIxNlowgaUxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJLQTESMBAGA1UEBwwJQmFuZ2Fsb3JlMREwDwYDVQQKDAhMaWZlc2l6ZTEXMBUGA1UECwwOQ29tbXVuaWNhdGlvbnMxGjAYBgNVBAMMEWxpZmVzaXplY2xvdWQuY29tMS0wKwYJKoZIhvcNAQkBFh5wcm9kdWN0bWFuYWdlbWVudEBsaWZlc2l6ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6r/qWOveMypCpRBksGEVkLAeDcC08lQ0yxB3s3hEmAU6I7ZCr6JUsS1ldHXRR7ZJhKk148LOa0p5/3kbyD5p4rpG03LEVPNi43P8SA6Uct7OEu3to/aVjQlkLyXw9f2bX5BhdqGV7ftr8n1O9GMZAUwjd7LfrEvGrOM8R/IH60/L1SMpCyx2yIJ4vQ80gSonPYXvc7AnmnFjGLkYSOzBfETpxzGkgr9jqotADRjF6oEerxBhKcjQVHIjQvW1Dt4jEQT1ndOzLt0Kw/MzrbxkokQ2JhGuGUWX1o/OPDrQ5nflYN9rhJgOSiTsB1e4T9loeZTUjDPi3y2dVWDZXM8tAgMBAAGjUDBOMB0GA1UdDgQWBBSe51Gqi8w/xJp/QMlTiHlY/hqwXzAfBgNVHSMEGDAWgBSe51Gqi8w/xJp/QMlTiHlY/hqwXzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB6O0X7VS9dFaDQI30NMgabvc3RRkn0QiIC42uX3NB9Lt75k/KWK5keOlTci339qZHatEii6ZkGp9eLrW/97sCitBrM7RXRpYf7IVGTRLb6NYrKitM5wAxpFwj18/2DZi4ugg3DaFCAUz7jMi1LUMeu/X59ilFn5sx7wz+J/VJAHF2W17vdpBY6qXXAdv9BwO5ii4g5W0gWAcVQKL8k7kz7ZEx+Fpn3HT3vB09ZWrtIZlFttc/+B7C9kAvR69H73Exg1wHAuFfXeIwC3zTssV7JXD2YJOCmC9Tp8mpXEAN9nEMFKBBmVVUCHQIn0tkt+LzJjFq0AkCNg542kTWgvWjt-----END CERTIFICATE-----

Configuring SSO in Lifesize Cloud

  1. From the web console, open Advanced Settings > SSO Integration and set these values:
  • Identity Provider Issuer: A unique identifier for your IdP, which is available in your IdP configuration interface.
  • Login URL: The URL where your IdP receives single sign-on requests.
  • Certificate: The encoded information for your security certificate that your IdP generates.
  • First Name, Last Name, and Email: Attributes that SAML uses to identify users. Your IdP submits them to the Lifesize login service and the login service uses these attributes to build an account for each user.
  1. After configuring your IdP and Lifesize Cloud settings, click Test to confirm your configuration. Your settings are validated against your IdP.
  2. Once testing is successful, click Update to enable SSO.
  3. Copy the URL from the Relay State field, then enter it as the default relay state setting in your IdP. Note: The Relay State field is populated after you enter your settings and click Test in Lifesize Cloud. Relay State configuration is required for IdP initiated flow to work correctly for Lifesize Cloud.