Single-Sign-On

SAML 2.0 Single-Sign-On

Xponent supports Single-Sign-On (SSO) for SAML 2.0 identity providers. Please contact Xponent Support if you are interested in enabling this for your organization.

Supported Types of Connections

SAML 2.0 Single-Sign-On
IdP-Initiated Single-Sign-On
SP-initiated Single-Sign-On

Xponent accepts a digital signature with SAML Assertion

Xponent does not support any form of Single-Sign-Off

SAML Attributes and User Set-Up

Xponent uses “Email” as the unique identifier ID for the SAML assertions and we cannot use other identifiers as Xponent only holds email addresses as the globally unique identifier. When setting up SSO for your organization, Xponent will require a list of users for the SSO. It is important to note that Xponent provisions accounts based off of email addresses and the email addresses are then added individually and manually.

Single-Sign-On Login Screen

The Xponent login screen first asks for an email address:

If you are a Xponent user at an organization where Xponent manages the password then you will be passed to a screen that asks for your Xponent password.
If your organization is set up for single sign-on then you will be directed to your familiar SAML identity provider where you will be asked to authenticate using your standard username and password.

The Single-Sign-On managed login flow looks like this:

followed by the screen from your identity provider which should be familiar. If you successfully authenticate then Xponent will pass you through to the Xponent home page.

Changing Your Password

If your organization usernames and passwords are managed by your identity provider then you should be familiar with the process for resetting your password. This typically does not involve Xponent.

Account Provisioning

Xponent does not automatically provision accounts from your identity provider. Please add users in the normal way to your organization and this will allow them to access the Journey Hub if the identity provider verifies their identity.