To complete these steps you will need access to your Cloudwork administrator portal and your StoryBox Hub Account Holder login details.
Set up steps
1. Log in to your Cloudwork administrator dashboard.
2. Navigate to Single Sign On > Identity Provider.
3. Download the XML metadata file and keep this window open, as you'll need information from it for step 7.
4. In a separate browser tab or window, log in to your StoryBox Account Settings as the Account Holder.
5. Scroll down to Other Account Actions on the right-hand side and click Configure SSO details.
6. For Identity provider choose "Cloudwork".
7. Fill in these sections as follows:
   - IdP Entity ID or Issuer: Copy the Entity ID URL from your Cloudwork dashboard and paste it here. It will look something like this: https://demo-login.cloudworkengine.net/saml2/idp/metadata.php
   - SAML Login URL: Copy the Sign On Endpoint URL from your Cloudwork dashboard and paste it here. It will look something like this: https://demo-login.cloudworkengine.net/saml2/idp/SSOService.php
   - X.509 Certificate: Open the XML file you downloaded in step 3 in a text editor, copy all the text, then paste it here, adding -----BEGIN CERTIFICATE----- as the first line and -----END CERTIFICATE----- as the last line, as per the example underneath the text box.
   - User name attribute: Enter User-Name for now, but we might have to change this later.
8. Click the Update button at the bottom of the page.
9. This will generate a new section called Metadata to configure the IDP. Click on the Metadata Download URL link. This will open the metadata for Cloudwork in a new browser tab. Save it as an XML file.
10. Back in Cloudwork, navigate to Single Sign On > Add New Service > Upload an XML File.
11. Enter StoryBox Hub for the name.
12. Choose the XML file you saved from your StoryBox Hub SSO settings in step 9 and upload it here.
13. Click Submit.
14. Navigate to Cloudwork Dashboard > Single Sign On Services > StoryBox Hub > Attribute Map. Use the information here to populate the Attribute Mapping fields in StoryBox Hub SSO Settings:
   - User name attribute (required): This is not displayed anywhere but is used as a unique identifier for the sub-account that gets created during an SSO user's first log in. As such it is required, or individual sub-accounts cannot be created. The default is usually User-Name.
   - Email attribute (optional): The default is usually mail.
   - First name attribute (optional): If this is mapped it will appear in the top right corner when an SSO user is logged in, in the dropdown menu that takes them to their account settings. If it isn't mapped the organisation name will appear here instead. The default is usually givenName.
   - Last name attribute (optional): The default is usually sn.
   - (Role and Group name attributes are optional and not currently utilised but may be used for personalised functionality in the future.)
15. Click Update to save your StoryBox Hub SSO settings. You should now be ready to test the connection.
Testing steps
1. Log out of your StoryBox Hub Account Holder settings.
2. While still on the StoryBox Hub homepage, click the LOG IN button in the top right corner.
3. Click SSO.
4. Find your Organisation Name in the dropdown box. (You can edit the name that shows here in your Account Holder settings.)
5. Click LOG IN.
6. Submit user credentials for your organisation.
7. You should be redirected back to StoryBox Hub and be logged in when the page loads. If you've mapped the attributes correctly and you included a First Name attribute, you should see the first name of the user you logged in as in the top right-hand corner.
Direct login page link and Level URL
If you can log in successfully, you can use this URL format as a direct link to your organisation's StoryBox Hub login page:
https://storyboxhub.com/login?sso_id=XXXX
Replace XXXX with the same number you see in your StoryBox Hub Entity ID and ASC URLs.
If you are adding StoryBox Hub to your Electronic Collections, use this URL in the Level URL field.
Troubleshooting
If you follow the steps above and experience any issues, please contact our support team with these details:
- Your identity provider's name
- Screenshots of your SAML configuration from your IdP’s admin portal
- Screenshots of any error messages
- A set of test user credentials