Pinpoint supports SAML providers for Single Sign On. Please note that our current SAML implementation does not yet support Just in Time account creation ('Provisioning'). This means that a user will only be logged in to Pinpoint if their account has already been created. If a client would like this functionality, please talk to the Dev team about this, and we will discuss requirements. This guide does preemptively configure LastPass to include the First and Last name when it is authenticating, to allow this possibility in the future.
Steps to configure Pinpoint
Log in to Pinpoint as a user who has the role Company Manager
On the left hand side, in the menu under Settings, click Integrations
3. Click on Apps and then search for 'SAML', then click Add
4. You will be shown this screen. At this stage we suggest you open an additional window and follow the steps in LastPass until the next section. You will be copy-pasting some of these details into LastPass.
Steps to configure LastPass
Log in to LastPass enterprise and click on Admin Panel
Click on Applications and click 'Web App'. Click on 'Add Application' or 'Add your first SSO app'
3. Under App Type, select 'Custom', and type the application name 'Pinpoint'
4. Click on Service Provider and fill in:
ACS: [Copy Consumer URL from Pinpoint]
Entity ID: [Copy Entity ID from Pinpoint]
5. Click on Custom Attributes
Check both ☑ Sign Assertion and ☑ Sign Response
Attribute 1: Last Name →
Attribute 2: First Name →
Upload the Pinpoint logo:
6. Click Save. We now need the metadata XML to paste into Pinpoint. Click the settings icon on the application to reopen the application dialog and select 'Identity Provider', then click Metadata to download the XML file.
View the contents of the downloaded metadata and Copy (it will look something like this)
Back over to Pinpoint
Paste the contents of the XML into the Metadata field and press Save
2. You should now be able to click 'Enable' on the top right of the integration settings page and login via LastPass (once users have been added to the application).
Back to LastPass
Configure user access to the Pinpoint application via your own internal policies.
Please note that if a user does not yet have an account in Pinpoint, and attempt to login, they will see a notice screen instead. Add this user to Pinpoint manually for single-sign on to work.