SAML 2.0 Single-Sign-On 

Kitewheel supports Single-Sign-On (SSO) for SAML 2.0 identity providers. Please contact Kitewheel Support if you are interested in enabling this for your organization. 

Supported Types of Connections

  • SAML 2.0 Single-Sign-On

  • IdP-Initiated Single-Sign-On

  • SP-initiated Single-Sign-On

Kitewheel accepts a digital signature with SAML Assertion

Kitewheel does not support any form of Single-Sign-Off 

SAML Attributes and User Set-Up

Kitewheel uses “Email” as the unique identifier ID for the SAML assertions and we cannot use other identifiers as Kitewheel only holds email addresses as the globally unique identifier. When setting up SSO for your organization, Kitewheel will require a list of users for the SSO. It is important to note that Kitewheel provisions accounts based off of email addresses and the email addresses are then added individually and manually.

Single-Sign-On Login Screen

The Kitewheel login screen first asks for an email address: 

  • If you are a Kitewheel user at an organization where Kitewheel manages the password then you will be passed to a screen that asks for your Kitewheel password.
  • If your organization is set up for single sign-on then you will be directed to your familiar SAML identity provider where you will be asked to authenticate using your standard username and password.  

The Single-Sign-On managed login flow looks like this: 

followed by the screen from your identity provider which should be familiar. If you successfully authenticate then Kitewheel will pass you through to the Kitewheel home page

Changing Your Password

If your organization usernames and passwords are managed by your identity provider then you should be familiar with the process for resetting your password. This typically does not involve Kitewheel. 

Account Provisioning 

Kitewheel does not automatically provision accounts from your identity provider. Please add users in the normal way to your organization and this will allow them to access the Kitewheel Hub if the identity provider verifies their identity. 

Acquia Lift Single-Sign-On

Kitewheel supports a single-sign-on process for Acquia Lift and Acquia Journey customers. Please contact your Acquia support representative for details.