All Collections
Account Management
Account Security
Using SAML 2.0 SSO with Chameleon
Using SAML 2.0 SSO with Chameleon

How to enable and configure Single Sign-On to Chameleon for your team

Pulkit Agrawal avatar
Written by Pulkit Agrawal
Updated over a week ago

SAML is a language/system that allows access to multiple different web applications using one set of login credentials. This allows more secure access, clearer visibility of access by users, and easier controls to manage access.

Various providers offer Single-Sign-On (SSO) access, including the following that Chameleon supports:

  • Google OAuth

  • Okta

  • Azure AD

  • Microsoft AD

  • OneLogin

  • VMware Workspace ONE

Logging into Chameleon via Google OAuth is available to all customers and can be initiated from the login page. In addition, account Admins can restrict access to be via Google only to provide extra security. This can be configured from the Rights page in your Chameleon dashboard.

All other providers via SSO + SAML (e.g. Okta) require some custom configuration and are available as a paid add-on. You can learn more about Chameleon's pricing plans here.

If you are interested in using SSO with Chameleon please email us or speak with your account manager:

SSO Configuration

A member of the Chameleon team will generate a link for your SSO Admin to visit, fill out, and quickly configure SSO for your Chameleon account.

Setting up SSO to work with Roles

For customers on an Enterprise plan or who have access to Roles an Permissions (RBAC), you can configure your teammates to have Admin, Viewer, Creator, Publisher, Designer, Engineer roles. These allow fine grained control over the workflows within Chameleon. With SSO you can configure your users to automatically receive the ir Chameleon roles via the custom property called roles. The roles field is formatted as a comma separated list of the roles you want the user to have.

Some common combinations of Roles and the value that should be set into the custom field in your SSO provider are as follows:

Admin: admin

Viewer: viewer

Creator + Designer: team_creator,team_designer

Engineer: team_engineer

Publisher: team_publisher

Note that Admin and Viewer are used alone but the team_* prefixed Roles can be used in any combinations.

Did this answer your question?