Single Sign-On

With single sign-on you can use your existing identity provider to log in to alfaview.

Requirements and Limitations

In order to setup single sign-on you have to have a working identity provider. It needs to comply to the either of the following standards:

OpenID Connect
SAML V2.0

Required Information

To configure our alfaview service provider we need the following information from you:

the endpoint of your identity provider (e. g. https://idp.example.com/redirect)
- if available: test accounts and an additional testing identity provider endpoint
if you have a SAML-based identity provider: the URL to your identity provider’s metadata XML file
the identity claims or attribute mapping of your identity provider’s SAML/OIDC response
- required: user’s first name, last name and display name
- optional: user group attribute if you want to use group based permission management in alfaview
your desired login domain from where your users will start the single sign-on process (example: my-company.alfaview.com)

Limitations

Your identity provider’s SAML XML signature needs to be signed using the SHA256 algorithm. If you have no information about the signing algorithm used, we can try to help you finding it out.
We do not support identity provider initiated SAML V2.0. But we can provide a start link that initiates the alfaview login by redirecting to your identity provider’s login page
The login domain will be hosted by alfaview.

Compatible Identity Providers

Here is a list of identity providers that were successfully configured and are proven to work with alfaview:

GitLab – based on OpenID Connect
Google Work – based on SAML V2.0
Shibboleth – based on SAML V2.0

Setup Process

If you are interested in using Single Sign-On, use our contact form to get in touch with us.

Contact form

Manage groups for single sign-on authentication users

Users that use single sign-on (SSO) to authenticate with alfaview can be assigned to groups in the external Identity provider (IdP). These groups can be mapped to groups with specific permissions in alfaview and can be assigned to alfaview rooms and departments. This helps in managing large numbers of users in alfaview.

Screenshot of the Manage groups tab in the Company management — Manage groups

To configure this setting, you will need the permission to manage company settings. Additionally, the company needs to have its own custom subdomain to access this feature.

Creating groups

In the administration interface, navigate to account management > Manage groups. Click and fill in the required fields.

Name: A name that will only be visible in this interface, an easy way to assign meaning to a group. (Example: Students, Teachers, etc)
External ID: A unique ID that is managed by the IdP and will be sent on each login. It must exactly match the group from the IdP response and cannot be empty. Also this value is unique: no two alfaview groups can have the same external ID.
Access Level: Decide whether and what type of profiles should be created for the group.
- No user profiles: Group participants can join rooms but do not have their own profile.
- Create user profiles: Participants receive their own user profile so that individual permissions can be assigned.
- Administration Page Access: Participants receive a user profile and access to the alfaview administration interface.
Permissions: The selected permissions will be granted to all users belonging to this group.

Screenshot of the Create group window with all setting options — Create group

These permissions are always granted globally and cannot be restricted to a room or a department.

Editing groups

Existing groups can be edited via the group list on the main page. Click the triple dot menu for the related group, and select Edit. All options that are available in the Add dialog are also available in this dialog.

Deleting groups

Existing groups can be deleted via the group list in the main page. Click the triple dot menu of the related group, and select Delete. A confirmation dialog will be shown. The delete action cannot be reverted, and the group must be recreated from start if needed.

Screenshot of the Edit group window with all setting options — Edit group

Assigning groups to departments

Existing groups can be assigned to departments via the group list on the main page.
Click the button of the related group. The assign dialog will be displayed.
All existing assignments can be edited or deleted on this page.

Screenshot of the Assign group to departments window with all setting options — Assign group

To assign: Select a department from the dropdown list, select the permission level for this department and click .
To unassign: Click the trashcan icon for the related department.
To edit permission level: Click the dropdown for the related department and select a new permission.

Last updated on February 4th, 2026, 09:22 am