Below is a guide on how you can configure SSO for Synthesia, this is a self-serve option and will take you through the process.
Configure the Identity Provider
Start by following your identity provider’s instructions for creating a SAML 2.0 single sign-on application. For example, here are links to vendor-specific instructions:
You will be asked to provide a number of details. In general, the defaults should be used except in the following cases.
Single Sign On URL
Sometimes referred to as the Assertion Consumer Service URL or Reply URL, please provide the following value:
<https://studio.auth.synthesia.io/saml2/idpresponse>
Audience URI
Sometimes referred to as the Entity ID, please provide the following value:
urn:amazon:cognito:sp:eu-west-1_7hEawdalF
Name Identifier
We require that you specify the NameID
field to be the email address of the user account being used to login, and it should match exactly the email
claim specified below.
Claims
We ask that you include the following claims:
company
email
(Please ensure that this matches theNameID
field described above.)family_name
given_name
picture
(optional and does not need to be used)
The email
claim is used to match a SAML identity with an existing Synthesia account should one exist. This allows SAML SSO to be adopted without any loss of content. You must ensure the claim names are entered exactly as written.
Once configured, your identity provider will make available a Metadata URL. This URL provides everything we need to verify and trust assertions from your identity provider.
💡 TOP TIP 💡
There should not be any namespace and it should not be in a uri format
For Azure AD configuration , this usually means setting the namespace to be blank.
In the event that we are unable to verify your assertions, we will ask you to send an example of one so that we can validate that the integration has been configured correctly.
Contact Synthesia
Once your identity provider has been configured, please provide Synthesia with the following details.
Metadata URL
This will be made available by your identity provider once Synthesia has been configured as an application.
Identifiers
These are the domain(s) that you wish to be associated with SAML SSO (for example,
example.com
). For these domains, all other methods of login will be disabled