Synthesia SSO
Setup single sign-on with Synthesia.
Before you get started
- Reach out to your Customer Success Manager to ensure your current plan allows SSO setup
- Loop in the Support Team ([email protected]) and ask them to kickstart the process
SSO is an Enterprise Plan feature.
Overview
Check the video below to have an overview on how to setup SSO with Synthesia:
For dedicated instructions see:
- Set up Entra/Azure for SSO Configuration
- Implement SAML SSO using Okta
- Just-in-Time (JIT) Provisioning
Otherwise continue below.
Configure the Identity Provider
To get started, follow the vendor-specific instructions for your identity provider:
For those instructions you are asked to provide a number of details. In general, the defaults should be used except in the following cases:
Single Sign On URL
Sometimes referred to as the Assertion Consumer Service URL or Reply URL, provide the following value:
https://studio.auth.synthesia.io/saml2/idpresponse
Audience URI
Sometimes referred to as the Entity ID, provide the following value
urn:amazon:cognito:sp:eu-west-1_7hEawdalF
Name Identifier
Synthesia requires that you specify the NameID field to be the email address of the user account being used to login, and it should match exactly the email claim specified below.
Note: β οΈ The NameID must be lower case. β οΈ
Claims
You must include the following claims:
- company
- email (ensure that this matches the NameID field described above). The email must be lower case.
- family_name
- given_name
- picture (optional)
The email claim is used to match a SAML identity with an existing Synthesia account should one exist. This allows SAML SSO to be adopted without any loss of content. You must ensure the claim names are entered exactly as written.
Once configured, your identity provider will make available a Metadata URL. This URL provides everything Synthesia need to verify and trust assertions from your identity provider.
There should not be any namespace and it should not be in a uri format. For Azure AD configuration , this usually means setting the namespace to be blank.
In the event that Synthesia is unable to verify your assertions, you will be asked to send an example of one so that Synthesia support team can validate that the integration has been configured correctly.
Contact Synthesia
Once your identity provider has been configured, reach out to Synthesia support team with the following details.
- Metadata URL: Made available by your identity provider once Synthesia has been configured as an application.
- Identifiers: These are the domain(s) that you wish to be associated with SAML SSO (for example: `example.com). For these domains, all other methods of login will be disabled.
Updated 13 days ago
Check the following article if you are encountering issues: