Slido offers a SAML-based single sign-on (SSO) method for authenticating members. This gives owners, admins, and members within your organization access to Slido through their identity provider (IdP).
This article is a specific technical guide for setting up Member SAML SSO. We also have tips for rolling our Member SSO in your organization, as well as a technical guide for setting up Participant SSO.
Available for Enterprise and Institution annual plans
Slido’s SAML SSO must be set up by the license owner – and is compatible with Okta, OneLogin, Microsoft Entra IA (formerly called Microsoft Azure), Auth0 and many other IdPs.
Follow the below guide for set up:
Upload your IdP’s SAML metadata XML file to Slido
Once you have a SAML metadata XML file, you can upload it to your Slido organization.
- Open Organization settings
- Select Member SAML SSO
- Click Browse files to upload your IdP's SAML metadata XML file
Once uploaded, our system validates the XML file.
If the file is correct, you will see the Entity ID of your IdP updated. You can now continue with the setup.
Please note that we do not offer a sandbox environment for testing. However, uploading your IdP’s SAML metadata XML file doesn’t automatically activate SSO authentication. You’ll still need to manually enable or enforce it.
Test the configuration
Before enabling your configuration, you first have to test it by clicking Test SAML Login.
You’ll see a new window open up redirecting you to your Identity Provider. This will validate that the integration setup is correct on both sides.
Successful test
If the integration is correctly set up and the test is successful, you’ll see a message saying Test successfully completed. Click Got it to go back to your Organization settings to continue with the setup.
Unsuccessful test
If the integration test fails you will see a message saying Test failed. Click Back to return to your Organization settings and fix the issue.
After a failed test, please double-check the uploaded XML metadata file. Also make sure that the person setting up the authentication in Slido is assigned to the associated SAML SSO application on the IdP side.
Enable SSO
After a successful test, you can enable the integration by clicking the Enable SSO button.
How it works for your members
Once Member SSO is enabled, your members will be able to log in to Slido using SSO as one of the options. The member's other login options (such as password or Google login) will still remain available as well.
The screenshot below shows the experience of a member who has the option to log in using either password or SAML SSO integration.
Once the member chooses to Log in with SSO, they will automatically be redirected to your Identity Provider. And once successfully authenticated there, they’ll be taken back to their Slido account.
Enforce your members to log in via SSO
When Member SAML SSO is enabled, you can choose to enforce it by clicking the Enforce SSO button. Enforced SSO means that it is mandatory for members to log in using your identity provider.
How enforced SSO works for your members
Any member trying to log in will have to go through your IdP's authentication. Members will no longer have the option to log in with a Slido password or Google SSO. Instead, they will be redirected to your IdP.
Once you enforce SAML SSO, the members who are logged in at that moment will have to re-login to their Slido account.
Allow guests to log in without SAML SSO
By default, when SSO is set up for the organization, members can only invite other existing members to their slidos as guests (co-hosts). However, sometimes it may be useful to invite guests who are not from your company.
To allow inviting guests who are not a part of your Slido organization:
- Open Organization Settings - Member SAML/SSO
- Tick the Exclude guests option
The invited guests who are not part of your organization will then be able to create an account using a password or a Google login.
Note that if you leave Exclude guests unticked, your members will not be able to invite external partners or vendors unless you grant them access via your IdP.
Set up Member provisioning in selected Identity Providers
Once your Member SSO is set up, you may also be able to provision your members using SCIM protocol. You can set up SCIM provisioning for your Slido organization in the following IdPs or any others that comply with SCIM standards:
- Okta
- OneLogin
- Microsoft Entra ID (formerly called Microsoft Azure)
- Auth0
FAQs
- Does Slido SSO authentication work from the service provider side, IdP, or both?
Slido supports both SSO authentication flows.
- How do I renew the SSO certificate?
To renew your SSO certificate in Slido you will first need to disable member SSO in Organization settings. This will log you out so you’ll need to log back in, open Organization settings and select Re-upload which you can find next to Metadata. Now upload your new .xml file, click Test SAML Login, and if the test is successful, enable SSO again.Take a look at our video tutorial for renewing the SSO certificate.
- Can we use the same SAML XML file for both - participant and member SSO?
Yes, this is possible. However, you should be careful with using the single file setup with member provisioning. Participants do not create accounts the same way as Slido organization members do. Member provisioning won't work correctly if you mark the participants and the members for provisioning the same way. A 2-app setup on the IdP side is recommended. Please contact us at support@slido.com if you need any help with your member provisioning setup.
- Can I test the member SSO before saving the settings to make sure it's working?
There is no testing environment for the member SSO setup at the moment, but there is a test as a part of the setup process. If the test passes it means the integration is working well and member SSO can be enforced. That should be sufficient to validate your setup before it's applied to your Slido organization.
- What happens if an email address or domain needs to be updated?
To change any members’ email or email domain, the change must be made within both your Identity provider (IdP) and your Slido organization at slido.com.
In Slido, if you are not using SCIM, a Slido owner or admin must deactivate the member from the Team tab to free up a license seat – then they can invite the new email address. Once the invitation is accepted, you can transfer any existing slidos from the deactivated member to the new one. Then after transferring any slidos, you can remove the deactivated member completely if you wish.
Curious about more?
