
Intercom SAML Integration

This document explains how to integrate MonoSign with Intercom and covers Single Sign-On. Before you continue, we recommend starting with Intercom’s Single Sign-On implementation page.

Creating Intercom Application on MonoSign

Navigate to the Applications page by clicking the Applications button on the navigation bar. To create a new application, click the “Add New” button, which takes you to the Application Create page.

Navigate to Applications Page

Add a New Application

First, set the Application Name, Application URL and Application Logo on the Application Create page. The Application URL must be the one that Intercom gives you while you configure the SAML authentication method.

To configure the SAML authentication method on Intercom, an admin user needs to navigate to the Security Settings page. The admin user can then follow the instructions on Intercom’s SAML SSO configuration instructions page.

The admin user will see the “SAML name for this workspace” and “Single Sign-On URL” sections. Copy the workspace name and use it to replace “<SAML Name>” in the “Single Sign-On URL”. When the replacement is done, copy the resulting Single Sign-On URL.

For example: https://app.intercom.com/saml/gravamw6/consume

Configure Intercom SAML Authentication

Once the SSO URL is copied to the clipboard, go to the MonoSign Management “Application Create” page, fill in the inputs as shown and click the “Finish” button.

Application Settings

Application Settings

| Fields | Description |
| --- | --- |
| Name | Application Name that will be displayed on the applications page |
| URL | Application URL copied from the “Intercom” application SSO SAML authentication configuration page |
| Logo | Application Logo that will be displayed on the applications page |
| Profile Access Type | User Profile Information that the “Intercom” application needs to be mapped |

Once the application is created successfully, the system will navigate you to the Application Detail page.

Navigate To Keys

Click the “Keys” tab on the Application Detail page and then click “Add New Access Key” to add a SAML access key to the “Intercom” application.

Add an Application Access Key

A modal opens when the button is clicked. The SAML2 Settings tab is generated when you select the “SAML” key type on the modal.

Selecting Key Type

Follow the instructions on the IdP (Identity Provider) configuration page and fill in the inputs on the SAML2 Settings tab as shown.

SAML2 Access Key Settings 1

SAML2 Access Key Settings 2

SAML2 Access Key Settings 3

It is important that you fill in the inputs correctly. Otherwise, SAML authentication will not be performed.

| SAML2 Settings | Value |
| --- | --- |
| Assertion Consumer Url | https://app.intercom.com/saml/gravamw6/consume |
| Audience | https://app.intercom.com/saml/gravamw6 |
| Entity Id | https://app.intercom.com/saml/gravamw6 |
| NameId Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Name Id | Email address |
| Exclude NotBefore | From Subject → Active |
| Extra Attributes | Mappings: firstName → {{Profile.FirstName}}; lastName → {{Profile.LastName}} |

When all the inputs are filled in, click the “Save” button. The SAML application key will be generated as shown.

Generated SAML Application Access Key

The Certificate input corresponds to the x509 format of the certificate issued for your SAML key on MonoSign.

You need to view your certificate in x509 format. For this, we prefer using OpenSSL: “a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.”

Use the command below to view the certificate.

CODE
openssl x509 -in {path of your certificate} -text

The output contains various information about the certificate. You should check the encryption algorithms and that the certificate text starts with “-----BEGIN CERTIFICATE-----” and ends with “-----END CERTIFICATE-----”.

Now you can open the “Intercom” authentication page to configure the SAML SSO settings as shown.
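The checks described above can be scripted before the certificate is pasted into the service provider. This is an added example, not part of the MonoSign or Intercom documentation; the helper name check_saml_cert, its exit codes and the 30-day renewal window are assumptions.

```sh
#!/bin/sh
# Added example, not MonoSign or Intercom tooling. check_saml_cert is a
# hypothetical helper: 0 = OK, 1 = weak or expiring, 2 = not a PEM certificate.
check_saml_cert() {
  cert_file=$1
  min_days=${2:-30}   # assumed renewal window, adjust to your policy
  rc=0

  # The SP expects PEM text, BEGIN/END boundary lines included.
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert_file" 2>/dev/null ||
     ! grep -q -- '-----END CERTIFICATE-----' "$cert_file" ||
     ! openssl x509 -in "$cert_file" -noout 2>/dev/null; then
    echo "FAIL: $cert_file is not a PEM-encoded X.509 certificate"
    return 2
  fi

  text=$(openssl x509 -in "$cert_file" -noout -text)
  sig_alg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
  key_alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
  key_bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  echo "signature: $sig_alg  key: $key_alg ${key_bits:-?} bit"

  # MD5 and SHA-1 signatures are no longer collision resistant.
  case $sig_alg in
    *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo "WARN: weak signature hash"; rc=1 ;;
  esac
  # RSA keys under 2048 bits are considered too short.
  if [ "$key_alg" = "rsaEncryption" ] && [ "${key_bits:-0}" -lt 2048 ]; then
    echo "WARN: RSA key shorter than 2048 bits"; rc=1
  fi
  # -checkend N exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert_file" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "WARN: expired or expiring within $min_days days"; rc=1
  fi

  # Record the SHA-256 fingerprint so the copy pasted into the SP can be
  # compared with the certificate held by the IdP.
  openssl x509 -in "$cert_file" -noout -fingerprint -sha256
  return "$rc"
}

# Usage: sh check_saml_cert.sh /path/to/certificate.pem [min_days]
if [ "$#" -gt 0 ]; then check_saml_cert "$@"; fi
```
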

SAML Application Access Key Configuration on Intercom

Intercom needs to verify your identity provider domain, so you must add your MonoSign domain as a domain that is allowed to authenticate with SAML SSO. Enter the domain under “Allowed domains” and click “Add domain”.

Then, you must verify that you own the domain by adding a TXT record in your DNS settings with the values as shown.

Verify IdP Domain

When the DNS record has been added to your server, click the “Verify DNS record” button. Intercom will verify your DNS record, and your IdP domain will then be displayed in the allowed domains section as shown.

Allowed Domains

Configuration is now complete on both the MonoSign Intercom Application Key page and the Intercom SAML SSO Configuration page. Click the “Save” button.

Save Configurations

The Test SAML SSO configuration modal is shown when the “Save” button is clicked. On the modal, click “Authenticate with identity provider” to make sure everything is set up correctly and to navigate to the MonoSign Intercom application.

Authenticate with MonoSign Identity Provider

When you enter your MonoSign username and password, you will be authenticated to the Intercom application.

Test SAML SSO Login

When the username and password are entered correctly, MonoSign will navigate you to the Intercom application.

If MonoSign navigates you to your Intercom application as shown, everything is configured correctly.

Activated SAML SSO Authentication
