User Guide

Account Management

Account Sharing

We encourage team collaboration, and make it possible! As an account administrator, visit "my account" then "team" to invite a collaborator or revoke a previously given access.

This will send an email invitation under your name. Once signed-up, the new team member will have access to all the features of your account, except the team management, billing and payment sections.

Multiple Accounts Access

Multiple accounts is permitted using our sharing access options. We will ask you to not exceed one free account per organisation.

The best way to use several accounts at the same time, is to use a personal master access using your main email address.

After two or more accounts are connected to this email address, a switch button will appear on top of our interfaces allowing you to quickly access an account or another.

Termination of your account

You can cancel your account at any time, by contacting our support team. We'll be very sad to see you leave and would be grateful if you could share your reasons or idea of improvement in your message.

Single Sign-On Authentication

Single Sign-On via SAML

Invite your whole team to collaborate with you with a one-time setup and using your internal enterprise login provider.

In order to activate Single Sign-On integration on your account first of all you need to create your account and make sure your plan includes the feature.

The SSO integration is done via the protocol SAML 2.0 which is widely supported by the identity providers.

Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to Pagescreen via Single Sign-On (SSO). You don't have to invite individual users if your company has a common authentication mechanism already implemented. The users will have restricted access to the resources of the account and will not be able to change the SSO settings themselves unless you promote them to account administrators.

Once you setup the SSO config in your account you can use the https://app.pagescreen.io/sso/team page to login in your workspace.

Steps to enable SAML SSO:

  1. Head to https://app.pagescreen.io
  2. Head to Account page
  3. Head to Single Sign-On tab
  4. Find the SAML Service Provider endpoints on the right
    • EntityID: 
      https://app.pagescreen.io/sso
    • Assertion Consumer Service URL: 
      https://app.pagescreen.io/sso<xXxXxXXxX>
    • Single Logout URL: 
      https://app.pagescreen.io/sso/logout/<xXxXxXXxX>
    • Metadata URL: 
      https://app.pagescreen.io/sso/metadata/<xXxXxXXxX>
  5. Enter or import Identity Provider settings on the left:
    • Workspace name
    • IdP EntityID/Issuer
    • IdP Login Url
    • IdP Logout Url
    • X.509 Certificate
  6. Click Save
  7. Integration is completed



Workspaces

Workspace name

A workspace is a shared place where members communicate and collaborate. The name of your workspace is how we recognize that given team member needs to authenticate against a specific identity provider.

The workspace name is defined by you for your team. Normally this name includes a short slug of your company name or domain. It should be short and unique. Spaces or other special characters are not allowed.

You can also use a direct link to your environment with adding the workspace name to the team link as https://app.pagescreen.io/sso/team/<workspace-name>

Identity Provider (IdP)

Identity Provider (IdP) Configuration

An identity provider is a trusted authentication service that lets you use Single Sign-On (SSO) to access our platform. It can be either internal or external service like Google or Auth0.

IdP Entity ID / Issuer:

Provided by the IdP

IdP SSO Url:

Provided by the IdP

IdP X.509 Certificate:

An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it. This certificate is used to verify and sign the requests and responses within the communication with the IdP. The certificate contents is normally part of the IdP Metadata, so it can be imported right away.

Provided by the IdP

Import IdP Metadata XML

In the interfaces of most identity providers you can find an option to download their Metadata XML file, which after you can import in Pagescreen in order validate the contents and contectivity between the services.

Import from remote hosted Url
Import Metadata XML file
Import Metadata contents



Service Provider (SP)

Entity ID / Issuer

EntityID: https://app.pagescreen.io/sso

Assertion Consumer Service (ACS) Url

HTTP POST Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Single Logout Service

HTTP Redirect Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

SP Metadata

You can find Pagescreen Service Provider metadata at https://app.pagescreen.io/account/sso page on the right. There's the option to use it as a hosted url or download it as xml file.

Our Metadata will be signed by default.

Resources

Pagescreen icon: https://app.pagescreen.io/sso/logo (512x512px)

User Attributes Mapping

User Attributes Mapping

Attribute Name Description Alternatives
email E-Mail Address mail
emailaddress
email_address
http://schemas.xmlsoap.org/claims/EmailAddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
firstname First Name givenname
first_name
given_name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
lastname Last Name familyname
last_name
family_name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

NameID Format

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

Signatures & Encryption

All outgoing requests are being signed and encrypted by default. All incoming XML requests will be validated.

You can find Pagescreen public certificate at https://app.pagescreen.io/sso/certificate

Authentication request

AuthNRequest:

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

Signature Algorithm

The default signature algorithm is SHA-256.

http://www.w3.org/2001/04/xmldsig-more#rsa-sha256


If you need another algorithm to be used please contact us.

Supported signature/encryption algorithms:

Digest Algorithm

http://www.w3.org/2001/04/xmlenc#sha256

IdP Guides

As every Identity Provider platform (IdP) has different steps to configure and enable a Service Provider application (SP) we've prepared quick how-to guide for the major platforms such as Google, Auth0, OneLogin and miniOrange.

Google Identity Provider

G-suite as Identity Provider

Detailed IdP setup

  1. Following the steps at Google SSO Guide
  2. Step Google IdP Information
  3. Choose Option 2 and Download Metadata xml
  4. Click Next
  5. Step: Add Basic information for Pagescreen
    1. Application name: Pagescreen
    2. Upload logo: Download logo from https://app.pagescreen.io/sso/logo
  6. Step Add Service Provider Details
    1. ACS URL https://app.pagescreen.io/sso<xXxXXxXXxXx>
    2. Entity ID: https://app.pagescreen.io/sso
  7. Click Next and finish the process

Connect with Pagescreen

  1. Go to Pagescreen > Account > Single Sign-On > Import https://app.pagescreen.io/account/sso/import
  2. Select the file downloaded at Step 2 of the wizard and click Import
  3. Choose workspace name and click Save
  4. Integration is completed

Auth0.com Identity Provider

Setup Pagescreen SSO with Auth0 via SAML

  1. Following the steps at https://auth0.com/docs/protocols/saml/saml-idp-generic
  2. Go to auth0.com and sign up for an account.
  3. Create a new application or use your existing one
  4. Go to Addons tab
  5. Enable SAML2 web app addon
  6. Go to Pagescreen > Account > Single Sign-On
  7. Copy ACS URL and paste it in Application Callback URL input
  8. Download pagescreen_saml.crt from Single Sign-On tab on Pagescreen
  9. Copy to settings json: 
    {
    "mappings": {
        "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        "firstname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
        "lastname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
    },
    "signResponse": true,
    "signingCert": "<copy the contents of pagescreen_saml.crt>",
    "logout": {
        "callback": "https://app.pagescreen.io/sso/logout/<xXxXXxXxXXX>",
        "slo_enabled": true
    }
}
  10. Replace value of signingCert with the contents of the downloaded pagescreen_saml.crt file
  11. Copy Single Logout URL and replace logout.callback with it
  12. Click Save

Connect with Pagescreen

  1. On the Usage tab in Auth0 download the metadata xml file
  2. Go to Pagescreen > Account > Single Sign-On > Import https://app.pagescreen.io/account/sso/import
  3. Select the downloaded metadata file and click Import
  4. Choose workspace name and click Save
  5. Integration is completed

OneLogin Identity Provider

Setup Pagescreen SSO with OneLogin via SAML

Add connector application:

  1. Create OneLogin account
  2. Add application under Apps
  3. Search for term SAML and pick one of:
    • SAML Test Connector (IdP) w/encrypt signed resp
    • OneLogin SAML Test (IdP) w/ NameID (unspecified)
  4. Setup according to the details below

SAML Test Connector (IdP) w/encrypt signed resp

Configuration tab: Connector

RelayState

// empty

Audience

https://app.pagescreen.io/sso

Recipient

https://app.pagescreen.io/sso<xXXxXxXXXxx>

ACS (Consumer) URL Validator Regex

(https:\/\/app\.pagescreen\.io\/sso)[a-zA-Z0-9]+

ACS (Consumer) URL

https://app.pagescreen.io/sso<xXxXXxXXxXx>

Single Logout URL

https://app.pagescreen.io/sso/logout/<xXxXXxXXxX>

Public key

-----BEGIN CERTIFICATE-----
MIIDdjCCAl4C...
-----END CERTIFICATE-----

OneLogin SAML Test (IdP) w/ NameID (unspecified)

SAML Consumer URL

https://app.pagescreen.io/sso

SAML Audience

https://app.pagescreen.io/sso

SAML Recipient

https://app.pagescreen.io/sso<xXXxXxXXXxx>

SAML Single Logout URL

https://app.pagescreen.io/sso/logout/<xXxXXxXXxX>

ACS (Consumer) URL Validator Regex

(https:\/\/app\.pagescreen\.io\/sso)[a-zA-Z0-9]+



Parameters tab

For the following parameters do:

Attribute Name Description
email E-Mail Address
firstname First Name
lastname Last Name
  1. Add new parameter - email
  2. Check Include in SAML assertion
  3. Select value Email from the dropdown
  4. SSO Tab
    • Select SAML Signature Algorithm - SHA-256

Connect with Pagescreen

  1. Go to Pagescreen > Account > Single Sign-On > Import https://app.pagescreen.io/account/sso/import
  2. Select the downloaded metadata file and click Import
  3. Choose workspace name and click Save
  4. Integration is completed

miniOrange Identity Provider

Setup Pagescreen SSO with miniOrange via SAML

More information at miniOrange SSO integration

Step: IdP Setup

  1. Go to your account at miniOrange.com
  2. Go to Add Application
  3. Search for Custom App
  4. Download pagescreen-metadata.xml from Pagescreen > Account > Single Sign-On https://app.pagescreen.io/account/sso
  5. In miniOrange click Import SP Metadata, click File and select the downloaded file.
  6. Enter Application Name: Pagescreen
  7. Copy Single Logout URL from Pagescreen and paste it into the input in miniOrange

  8. Fill the attribute settings as follows

    • Name ID: E-Mail Address
    • NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    • Identity Source: (The source you prefer)

  9. Attributes:

    Attribute Name Description
    email E-Mail Address
    firstname First Name
    lastname Last Name
  10. Click Save
  11. Go back in the application list click on Metadata
  12. Click on Download Metadata XML

Connect with Pagescreen

  1. Go to Pagescreen > Account > Single Sign-On > Import https://app.pagescreen.io/account/sso/import
  2. Select the downloaded metadata file and click Import
  3. Choose workspace name and click Save
  4. Integration is completed

Table of Contents

Try us now for Free

Play with Pagescreen for 14 days, access to all features.

Start a free trial Contact sales