Release Notes 02/08/2016: A Widget Improvement & the Introduction of SAML

  • 15
  • Announcement
  • Updated 4 months ago
With this release Get Satisfaction is now offering a new Single Sign On options for our customer communities! We also introduced a small change to our widgets and a couple of small bug fixes for widgets as well.


A Widget Improvement

On the Feedback Widgets, we received feedback that the language around selecting a topic category before posting was preventing users from posting in customer communities. Users thought that a category had to be selected in order to post from the widget, which is not the case. This language has now been updated to show that picking a category is optional.

Introduction of SAML

Security Assertion Markup Language (SAML) has been introduced as another Single Sign On (SSO) option for Get Satisaction communities. While many of our customers do use FastPass, we wanted to provide an additional option for those who wanted a different set up for Single Sign On.

It’s different than FastPass in that you don’t necessarily have to put Get Satisfaction specific code on your end and you don’t have to have your own internal system for managing users. Instead, you could use a service like Okta, OneLogin or even SalesForce. It can be used as one of your multiple login options or as the required login option for your community.

We are currently enabling SAML Single Sign On by request, so please comment here if you would like to have this added to your Get Satisfaction community.
More details about how to configure SAML Single Sign On for your community will be available shortly in our Education Center.
Photo of Tashina

Tashina, Community & Education Manager

  • 24,212 Points 20k badge 2x thumb

Posted 1 year ago

  • 15
Photo of Tina Gallant

Tina Gallant

  • 126 Points 100 badge 2x thumb
Good
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Can I get access to this for our community?
Photo of Tashina

Tashina, Community & Education Manager

  • 24,192 Points 20k badge 2x thumb
Definitely, Mark! I'm setting it up right now. In case you need it, you can find out documentation on SAML SSO in our Education Center.
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Thanks!
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Which connector do you expect us to use in OneLogin?
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Hi Mark, I think I have an idea what you are referring to but don't remember clearly and am having problems accessing OneLogin.  Could you please provide more information and a listing of what connectors you have available?
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
It looks like the app they have for you guys hasn't been updated with SAML options, so I assume we need to use one of the test connectors.

Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Ah ok, I wasn't aware anything was out there.  I'd check it out but I can't login and the password reset flow seems to be broken.  Yea, you should be able to use one of the test connectors.  In your case I think you would want to pick SAML IdP and the other options would depend on your use case.
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Do you have any detail on how to configure the connector? My trial and failure hasn't gotten me there :)
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
I was finally able to get some access by signing up for an account under a new dev domain but I don't have any access to manage the Get Satisfaction app.  I'm going to reach out to them and see if there is any way I can get access and then update it for SAML since we support that now. 

Regarding the test connectors, I remember seeing those in the past but I'm not able to find them anymore.  How do you navigate to the screen above?
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
From the admin console in OneLogin, you select "APPS" then "Add Apps" and then search for what you'd like.
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Any luck Josh?
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Hi Mark, apologize for not responding.  Think I missed the notification of your message and might have to go check my settings.  Let me look into that.  In the meantime I've been in contact with OneLogin to get the app updated for SAML but as you can imagine there's been a bit of delay going back and forth in working out the details.  Will keep you posted when we have something working.
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Hi Mark, I have worked with OneLogin to setup a working Get Satisfaction SAML app.  I'm not sure if it is public yet but you could try searching for it and see if it is available.  If you find it, the only things you should need to configure are your community name and then go to the SSO tab and copy the certificate, Issuer and SAML Endpoint urls and enter them into your community SAML admin section. Under the OneLogin Parameters section Email/Name ID mapping should be left as is and in the community admin the NameID dropdown should remain as email. 
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Hi Mark, just wanted to follow up that I was notified that the app has been published and you should be able to set it up now.  Please let me know if you have any further questions.
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Great. I've set it up, and we're able to authenticate users with it, but there app doesn't appear to provide a way to do custom field mapping. I think you need to add optional parameters for Email, Nick, Display name, First name, Last name, and Second email to your connector.
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Since I don't have the ability to manage the connector I have made a request to see if these can be added. 
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
OneLogin has enabled custom attributes for our app.  I was able to set this up and verify that everything is working.


First I added the new fields to the user directory configuration.



Then I went to my user entry to fill in the values.



After that I had to add the fields to the mapping from the directory to the connector.



Finally I had to go to the Get Satisfaction SAML admin and for our special fields map the names that will be received from OneLogin.  These special fields are ones that are stored on specific records in our app and have meaning so that they show up when you view the user etc..  Any additional fields that don't match up in this configuration are free form and stored as a list on the user's record for the community and can only be seen in a few specific places such as when a moderator hovers over the user profile.  




Hope this helps and let me know if you run into any issues.
Photo of Mark McCallister

Mark McCallister

  • 240 Points 100 badge 2x thumb
Fantastic! This is working great. 

While I have your attention, do you plan to add any provisioning support in the future? Specifically, disabling users.

It would also be great to be able to set the user type in the SAML assertion.

Thank you putting this all together!
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
I don't forsee us adding ability to disable users users since that concept really doesn't exist in our application but I could see the case of setting a user type, or role, so that for example, they are no longer an employee but just a normal user.  If your community is public they could still participate like everyone else or if the community is private and, I believe they are no longer an employee they would not be able to access at all.  This currently isn't on our roadmap but I do recall it being brought up by one other customer.  I'll have to think about this more and see how feasible it is.
Photo of James

James

  • 122 Points 100 badge 2x thumb
Hi Tashina, we'd like to enable SAML for our community.
Photo of Josh King

Josh King, Sr. Engineer

  • 2,586 Points 2k badge 2x thumb
Hi James, I have enabled SAML for your account.  You can go to the SAML admin section to configure it and get the setup information for your IdP.  I'm the engineer who added SAML support so please let me know if you have any problems or questions.
Photo of James

James

  • 122 Points 100 badge 2x thumb
Fantastic, thanks!
Photo of Darin Dugan

Darin Dugan

  • 280 Points 250 badge 2x thumb
Please enable SAML for our community as well.
Photo of Tashina

Tashina, Community & Education Manager

  • 23,998 Points 20k badge 2x thumb
I can set that up for you Darin. To confirm, is /isu the correct community?
Photo of Darin Dugan

Darin Dugan

  • 280 Points 250 badge 2x thumb
Yes, that's correct, Tashina. Thanks!
Photo of Tashina

Tashina, Community & Education Manager

  • 23,998 Points 20k badge 2x thumb
No problem. It's now enabled.
Photo of Ian Chang

Ian Chang

  • 60 Points
Hi Team, Please enable SAML for our community. Thank you!