Single sign-on

Single sign-on allows users to sign into your Kumu Enterprise instance using your existing SAML 2.0 identity provider.

Here are a few links to the documentation for common providers:

• Microsoft Azure

• Google Suite

SSL must be enabled to use SSO to log into your instance.

When setting up your app, you can use Kumu as the app name, and for the Entity ID, you should enter the following, replacing example with the subdomain of your instance:

https://example.kumuenterprise.com

For the Reply URL (Azure) or ACS URL (Google Suite), use the following, once again replacing example with the subdomain of your instance:

https://example.kumuenterprise.com/sso/saml/consume

Set the name identifier to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent and provide attribute assertions for email, firstName, lastName, and username. If you do not provide a username one will be generated automatically from the email address.

If you are using Enterprise Cloud, please provide Kumu with the following so we can configure your instance for you:

• entity ID

• service URL

• base-64 encoded public certificate

If you are self-hosting, please visit https://example.com/enterprise/admin/settings and sign in with your admin account. From your SSO provider, you can get an entity ID, service URL, and a base-64 encoded public certificate. Check the box to enable SSO for your enterprise instance and copy/paste those items into your instance's settings:

With Kumu and your SSO provider configured, you can use your SSO provider to give users access to Kumu. Users can begin the sign-in flow by visiting the url below and clicking the "Sign in via single sign-on (SSO)" button:

https://example.kumuenterprise.com/login

Single sign-on with Azure

If Microsoft Azure is your single sign-on provider, you can follow the instructions below to set up.

1. Click the "Azure Active Directory" button in the sidebar
2. Click "Enterprise Applications"
3. Click "+ New Application"
4. Click "Non-gallery application"
5. Enter "Kumu" for the name of the application
6. Click "Configure single sign-on"
7. Select "SAML-based Sign-on"
8. Enter the "Kumu Domain and URLs" for your organization (provided by Kumu)
9. Select "user.mail" for the user identifier
10. Download the SAML signing certificate (Base 64)
11. Click "Configure Kumu"
12. Copy the service url, entity id, and public certificate over to your organization's SSO settings in Kumu:
13. Within Azure AD, assign users to the Kumu app you just created to enable SSO