Skip to main content
Using SSO in Chameleon

Learn how to enhance security when logging in to your Chameleon account

Tiago Mota avatar
Written by Tiago Mota
Updated over a week ago

Single Sign-On (SSO) is a system that allows users to access multiple applications with a single set of login credentials. You can enable SSO in Chameleon regardless of your plan. This allows more secure access, clearer visibility of access by users, and easier controls to manage access.

Availability & Usage

πŸ” Add-on available for all plans

βš™οΈ Add from the Dashboard

What SSO providers does Chameleon support?

Various providers offer Single-Sign-On (SSO) access, including the following that Chameleon supports:

We support other SSO providers, for example, OneLogin, VMware, or Oracle. You can explore the full list of providers when setting up SSO on your account.

Chameleon also supports SSO via custom OpenID Connect (OIDC) or Assertion Markup Language (SAML). You can access these as well from the setup pages and simply follow the steps provided to finish setting up SSO.

β„Ή You can use multiple providers for SSO / SCIM if needed -- for example Duo for SSO and Okta for provisioning.

SSO configuration

You can leverage SSO to enhance the security of your account on any Chameleon plan. If you are interested in using SSO with Chameleon head over to the Billing page and select the SSO add-on.

πŸ‘‰ Once you select a provider, simply follow the step-by-step instructions and then update your authentication method to SSO, on the Rights page.

β„Ή Logging into Chameleon via Google OAuth is available to all customers and can be initiated from the login page. In addition, account "Admins" can restrict access to be via Google only to provide extra security. Configure this from the Rights page in your Chameleon Dashboard.

Setting up SSO to work with Roles

For customers on an Enterprise plan or who have access to Roles and Permissions (RBAC), you can configure your teammates to have "Admin", "Viewer", "Creator", "Publisher", "Designer", and "Engineer" Roles.

These allow fine-grained control over the workflows within Chameleon. With SSO you can configure your users to automatically receive their Chameleon Roles via the custom property called roles. The roles field is formatted as a comma-separated list of the roles you want the user to have. Map this to the roles attribute. If you identity provider has configuration for Namespace, use urn:ietf:params:scim:schemas:core:2.0:User.

Some common combinations of Roles and the value that should be set into the custom field in your SSO provider are as follows:

Admin: admin

Viewer: viewer

Creator + Designer: team_creator,team_designer

Creator + Publisher: team_creator,team_publisher

Creator + Designer + Publisher: team_creator,team_designer,team_publisher

Engineer: team_engineer

Publisher: team_publisher

Note that Admin and Viewer are used alone but the team_* prefixed Roles can be used in any combinations.

Did this answer your question?