
How do we set up SAML SSO for our organisation?

As of 28 May 2024 we support SAML 2.0 Single Sign-On (SSO) authentication for School and Academic subscriptions. If this is set up for your organisation, your staff and students can log into Story Box Library using their usual school or university credentials.

While this updated functionality should work for any identity provider that supports SAML 2.0, it's possible some customisations might need to be made for particular providers. If you follow the steps below and experience any issues, please contact our support team with the details. Include your identity provider's name, screenshots of any error messages and, if possible, screenshots of our configuration in your IdP's portal and a set of test user credentials.

Set up steps

  1. Log in to your StoryBox Account Settings as the Account Holder. (Note: The Organisation Name from your Account Settings will be used during the SSO login method.)
  2. Scroll down to and click 'Configure SSO details' under 'Other Account Actions' at the bottom of the right-hand column.
  3. Create your application in your identity provider portal*, then configure the service provider settings in Story Box Library with the following information:
    Identity Provider
    IdP Entity ID or Issuer (note: this requires a / at the end)
    SAML Login URL
    X.509 Certificate
  4. Map the relevant SAML attribute to create/capture user information in Story Box Library (username is the only required attribute, the others are optional):
  5. Click the Update button at the bottom of the page to save your settings.
  6. This will generate metadata URLs for your identity provider. If your provider requires an XML file, you can access yours via the link under "Metadata Download URL". Other details your IdP may require can also be found here.

Note: If your provider requires a metadata file first, you can enter placeholder text in the form, save it to make the metadata file appear, then adjust the details. We're looking into changing how this works.
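If your identity provider publishes a standard SAML 2.0 metadata XML file, the three values asked for in step 3 can be read from it and checked before they are pasted into the form. The following is an added example, not Story Box Library's own code; the function name, the idp.example.edu addresses and the placeholder certificate bytes are constructed for illustration, and it makes no assumption about which login binding or certificate format the form expects.

```python
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_settings(metadata_xml):
    """Extract the step 3 form values from IdP metadata; return (values, warnings)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("expected one EntityDescriptor containing an IDPSSODescriptor")
    warnings = []
    entity_id = root.get("entityID", "")
    if not entity_id.endswith("/"):
        warnings.append("Entity ID lacks the trailing / the form asks for")
    # One Location per binding (HTTP-Redirect, HTTP-POST, ...); the admin picks.
    logins = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location", "")
              for s in idp.findall("md:SingleSignOnService", NS)}
    for binding, url in logins.items():
        if not url.startswith("https://"):
            warnings.append("%s login URL is not https" % binding)
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") == "encryption":   # keep signing or unspecified-use keys only
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()), validate=True)
            certs.append({"pem": ssl.DER_cert_to_PEM_cert(der),
                          "sha256": hashlib.sha256(der).hexdigest()})
    if len(certs) != 1:
        warnings.append("%d signing certificates found; confirm which is current" % len(certs))
    return {"entity_id": entity_id, "login_urls": logins, "certificates": certs}, warnings

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"\x30\x82" + bytes(range(40))
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.edu/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.edu/saml/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % base64.b64encode(SAMPLE_DER).decode()
```

The SHA-256 fingerprint it returns can be compared with the one your IdP portal shows for its signing certificate, so you know the certificate you paste is the one the IdP actually signs with.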

*Create your application in your identity provider portal

The steps for this vary depending on which identity provider your organisation uses. Terminology can also vary between IdPs. Check your IdP's documentation for the best way to add a new or custom SAML application to your portal, but you can find some additional information for some IdPs below.

OpenAthens:

Sign in to a generic application using OpenAthens

Cloudwork:

Log into the Cloudwork Dashboard and navigate to Single Sign On>Add New Service>Custom SAML Service. You will need to save the below details into your StoryBox SSO settings:

You can map these attributes from Cloudwork to Attribute Mapping in StoryBox. Note that "user-name" is the only required attribute, the rest are optional:

Testing steps

  1. Log out of your Account Holder settings.
  2. While still on the Story Box Library homepage, click the "LOG IN" button in the top right corner.
  3. Click "SSO".
  4. Find your Organisation Name in the dropdown box.
  5. Click "LOG IN".
  6. Submit user credentials for your organisation.
  7. You should be redirected back to Story Box Library and be logged in when the page loads.

Notes

  • If you had SSO for Story Box Library set up prior to 28 May 2024, you may need to work through the new steps above to restore your connection.
  • As of 28 May 2024 SSO is not currently available in our iOS or Android apps but this should be updated by early July 2024.
  • If you've set up SSO we can provide a direct link to your school's SBL SSO login webpage. This removes some steps required for users to log on, making the process quicker and easier - please contact us for your link.
  • Users that access SBL via SSO will have some individual user settings available to them (whether captions appear by default and whether playlists loop by default).
  • Viewer username and password combinations will continue to work for schools that have enabled SSO, but in the future when more account individuality is introduced this may be discontinued.