Intercom SAML Integration
This document explains how to integrate MonoSign with Intercom for Single Sign-On. Before you continue, it is best to read Intercom’s Single Sign-On implementation page first.
Creating Intercom Application on MonoSign
Navigate to the Applications page by clicking the Applications button on the navigation bar. To create a new application, click the “Add New” button, which takes you to the Application Create page.
First, set the Application Name, Application URL and Application Logo on the Application Create page. The Application URL must be the one that Intercom gives you while you configure the SAML authentication method.
To configure the SAML authentication method on Intercom, an admin user needs to navigate to the Security Settings page and then follow the instructions on Intercom’s SAML SSO configuration instructions page.
The admin user will see the “SAML name for this workspace” and “Single Sign-On URL” sections. Copy the workspace name and substitute it for “<SAML Name>” in the “Single Sign-On URL”. When the replacement is done, copy the resulting Single Sign-On URL.
For example: https://app.intercom.com/saml/gravamw6/consume
Once the SSO URL is copied to the clipboard, go to the MonoSign Management “Application Create” page, fill in the inputs as shown and click the “Finish” button.
Fields | Description |
---|---|
Name | Application name that will be displayed on the Applications page |
URL | Application URL copied from the Intercom SSO SAML authentication configuration page |
Logo | Application logo that will be displayed on the Applications page |
Profile Access Type | User profile information that the Intercom application needs to have mapped |
Once the application is created successfully, the system will navigate you to the Application Detail page.
Click the “Keys” tab on the Application Detail page and then click “Add New Access Key” to add a SAML access key to the Intercom application.
A modal opens when the button is clicked. The SAML2 Settings tab appears when you select the “SAML” key type on the modal.
Follow the instructions on the IdP (Identity Provider) configuration page and fill in the inputs on the SAML2 Settings tab as shown.
It is important that you fill in the inputs correctly. Otherwise SAML authentication will not be performed.
SAML2 Settings | Value |
---|---|
Assertion Consumer Url | |
Audience | |
Entity Id | |
NameId Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Name Id | Email address |
Exclude NotBefore | From Subject → Active |
Extra Attributes | Mappings: firstName → {{Profile.FirstName}} lastName → {{Profile.LastName}} |
When all the inputs are filled in, click the “Save” button. The SAML application key will be generated as shown.
The Certificate input corresponds to the X.509 format of the certificate issued for your SAML key on MonoSign.
You need to view your certificate in X.509 format. For that, we prefer using OpenSSL, “a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.”
Use the command below to view the certificate.
openssl x509 -in {path of your certificate} -text
The output contains various information about the certificate. However, you should check the encryption algorithms and that the text starts with “-----BEGIN CERTIFICATE-----” and ends with “-----END CERTIFICATE-----”.
Now you can open the Intercom authentication page to configure the SAML SSO settings as shown.
Intercom needs to verify your identity provider domain, so you must add your MonoSign domain as a domain that is allowed to authenticate with SAML SSO. Enter the domain under “Allowed domains” and click “Add domain”.
Then, you must verify that you own the domain by adding a TXT record in your DNS settings with the values as shown.
When the DNS record has been added to your server, click the “Verify DNS record” button. Intercom will verify your DNS record, and your IdP domain will then be displayed in the allowed domains section as shown.
The configuration is now complete on both the MonoSign Intercom Application Key page and the Intercom SAML SSO Configuration page. Click the “Save” button.
The “Test SAML SSO configuration” modal is shown when the “Save” button is clicked. On the modal, click “Authenticate with identity provider” to make sure everything is done correctly and to navigate to the MonoSign Intercom application.
Type your MonoSign username and password to authenticate to the Intercom application.
When the username and password are typed correctly, MonoSign will navigate you to the Intercom application.
If MonoSign navigates you to your Intercom application correctly as shown, everything is working as expected.
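When the test login fails instead, the values in the SAML2 Settings table are the first thing to compare against what MonoSign actually sends. The following Python check is an added example, not MonoSign or Intercom code: it compares a decoded assertion against that table, using a constructed sample assertion with a made-up user and assuming the Assertion Consumer Url equals the example Single Sign-On URL above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumption: the Assertion Consumer Url is the Single Sign-On URL copied from Intercom.
ACS_URL = "https://app.intercom.com/saml/gravamw6/consume"
# Constructed sample (unsigned, made-up user); a real one comes from your own test login.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">jane.doe@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2030-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, acs_url):
    """Return mismatches against the SAML2 Settings table (empty list = all match)."""
    root = ET.fromstring(xml_text)  # works for a bare Assertion or a wrapping Response
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID in Subject"]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
        problems.append("NameID value is not an email address")
    data = root.find(".//saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != acs_url:
        problems.append("Recipient does not equal the Assertion Consumer Url")
    if data is not None and data.get("NotBefore") is not None:
        problems.append("NotBefore present on Subject (Exclude NotBefore is not active)")
    names = {a.get("Name") for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    for wanted in ("firstName", "lastName"):
        if wanted not in names:
            problems.append(f"missing attribute {wanted}")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE, ACS_URL) or "assertion matches the settings table")
```

The check compares configuration fields only and does not validate the assertion's signature, so use it on a response captured from your own test login.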