
Security Assertion Markup Language (SAML) Single Sign-On (SSO) for Site Managers

Learn about SAML and SSO on your site

Written by Brittany Crow
Updated over a month ago

Heads up! This article is intended for Site Managers.

By the end of this article, you will be able to:

  • Understand how SSO works with your site

  • Identify supported authentication methods

  • Outline the setup process between your team and our team

Single Sign-On (SSO) allows users to log into your site using credentials from your organization’s system (e.g., business, school, or internal portal).

With SSO:

  • Users do not create separate login credentials

  • Authentication occurs in your system

  • Access is granted to your site after verification

Before You Begin

ℹ️ Implementation Recommendation:
SSO should be implemented by someone in an IT Support or technical role.

Supported Authentication Methods

We support:

SAML integrations may require additional charges depending on configuration.
This article focuses on SAML SSO.

How SAML SSO works

Here is how SAML SSO works:

  1. A user is directed to your system to log in.

  2. They log in.

  3. An encrypted payload is sent to the Get Connected site, and the payload is decrypted.

  4. We log the user in.

If they have a profile, we log them into it. If they don't have a profile, we create one, log them into it, and ask them to provide information not sent in the payload.

How to set it up

Here, we cover what needs to be completed by your IT staff and us to set up this SSO integration:

Step 1. You complete the CSR request form, and we create and send you a Certificate Signing Request (CSR) for you to use when purchasing the SSL certificate. You then create the SSL certificate and send it back to us.

If you're using a custom domain, it must be set up before an SSL certificate can be generated, which comes with additional fees. Contact us via the Message Widget in your Site Manager Dashboard and ask to speak to a human agent to inquire about these fees.

This step can be skipped if a custom domain is being used, and we will use a wildcard certificate instead.

If your site is using a vanity domain (i.e., any domain other than the one created by Galaxy Digital), there are additional fees. Contact us via the Message Widget in your Site Manager Dashboard and ask to speak to a human agent for information about this integration and the associated fees.

Step 2. You send us a link to your public metadata information. This must include:

  • Given Name

  • Surname

  • Email Address

  • Unique identifier (this is optional)

The SAML assertion must also contain a Subject with a NameID element:

<saml:Subject>
  <saml:NameID>ABC123456</saml:NameID>
</saml:Subject>

The value for NameID is usually the Unique Identifier (UID) of the user. A UID from your system—e.g., employee/student ID number—is optional. If you want to include this in the payload, please let us know what variable to use.

Step 3. Once we receive the SSL certificate, we add the load balancer and install your SSL certificate for your selected domain.

This step can be skipped if a custom domain is being used, and we will use a wildcard certificate instead.

Step 4. We install SAML on your site.

Step 5. We provide you with your metadata so that the integration can be completed by your IT staff.

Step 6. We test the connection and troubleshoot as necessary.

Providing us with test credentials can expedite this process. Please consider creating a set of credentials with login permissions or giving access to an existing test account.

Step 7. We notify you that the process is complete and that SSO can be used by anyone who has permission to log into your system. Occasionally, small, limited modifications to the process are made at this point, like changing the wording on buttons, as applicable.
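For the Step 2 requirements, here is an added example (not Galaxy Digital's code) that your IT staff could run against a decrypted sample assertion to confirm it carries a Subject NameID and the listed fields. The attribute names givenName, sn, mail and uid are assumptions; use the names your identity provider actually sends.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names: the article lists the fields but not the names
# an identity provider uses for them, so adjust these to match your IdP.
REQUIRED = {"givenName": "Given Name", "sn": "Surname", "mail": "Email Address"}
OPTIONAL = {"uid": "Unique identifier"}

# Constructed sample assertion (already decrypted); not real user data.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>ABC123456</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="sn"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>ada@example.org</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text):
    """Return (problems, notes). Structure check only: no signature verification or decryption."""
    root = ET.fromstring(xml_text)
    problems, notes = [], []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Subject/NameID is missing or empty")
    # Map each attribute name to its first non-empty value.
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        values[attr.get("Name")] = next((t for t in texts if t), "")
    for name, label in REQUIRED.items():
        if not values.get(name):
            problems.append(f"{label} ({name}) is missing or empty")
    for name, label in OPTIONAL.items():
        if not values.get(name):
            notes.append(f"{label} ({name}) not sent (optional)")
    return problems, notes


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION))
```

An empty problems list means the sample carries everything Step 2 asks for; the notes list only flags the optional unique identifier.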
