Synthesia SSO

Set up single sign-on with Synthesia.

Configure the Identity Provider

Start by following your identity provider’s instructions for creating a SAML 2.0 single sign-on application. For example, here are links to vendor-specific instructions:

While following those instructions, you will be asked to provide a number of details. In general, the defaults should be used except in the following cases:

Single Sign On URL

Sometimes referred to as the Assertion Consumer Service URL or Reply URL, provide the following value:

https://studio.auth.synthesia.io/saml2/idpresponse

Audience URI

Sometimes referred to as the Entity ID, provide the following value:

urn:amazon:cognito:sp:eu-west-1_7hEawdalF

Name Identifier

Synthesia requires the NameID field to be the email address of the user account being used to log in, and it should exactly match the email claim specified below.

Claims

You must include the following claims:

  • company
  • email (ensure that this matches the NameID field described above. In addition, the email and NameID must be lower case.)
  • family_name
  • given_name
  • picture (optional)

The email claim is used to match a SAML identity with an existing Synthesia account should one exist. This allows SAML SSO to be adopted without any loss of content. You must ensure the claim names are entered exactly as written.

Once configured, your identity provider will make available a Metadata URL. This URL provides everything Synthesia needs to verify and trust assertions from your identity provider.

Claim names should not have any namespace and should not be in a URI format. For Azure AD configuration, this usually means setting the namespace to be blank.

In the event that Synthesia is unable to verify your assertions, you will be asked to send an example of one so that the Synthesia support team can validate that the integration has been configured correctly.
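Before sending an example assertion to support, you can check it against the requirements listed above. The following is an added example, not Synthesia tooling: the function names and the sample assertion are constructed for illustration, the namespaced claim name in the demo is assumed to be the Azure AD default, and the check covers attribute layout only, not the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://studio.auth.synthesia.io/saml2/idpresponse"  # Single Sign On URL from this page
AUDIENCE = "urn:amazon:cognito:sp:eu-west-1_7hEawdalF"          # Audience URI from this page
REQUIRED = {"company", "email", "family_name", "given_name"}    # picture is optional

def check_assertion(xml_text):
    """List configuration problems in a decoded SAML assertion (layout only, no signature check)."""
    root = ET.fromstring(xml_text)
    name_id = (root.findtext(".//saml:NameID", "", NS) or "").strip()
    audience = (root.findtext(".//saml:Audience", "", NS) or "").strip()
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient", "") if conf is not None else ""
    claims = {a.get("Name", ""): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)}
    problems = []
    if recipient != ACS_URL:
        problems.append(f"Recipient {recipient!r} is not the Single Sign On URL")
    if audience != AUDIENCE:
        problems.append(f"Audience {audience!r} is not the Audience URI")
    problems += [f"claim name {n!r} has a namespace or URI format"
                 for n in claims if ":" in n or "/" in n]
    problems += [f"missing claim {n!r}" for n in sorted(REQUIRED - claims.keys())]
    email = claims.get("email", "")
    if "email" in claims and name_id != email:
        problems.append("NameID does not exactly match the email claim")
    if name_id != name_id.lower() or email != email.lower():
        problems.append("NameID and email must be lower case")
    return problems

def sample_assertion(name_id, email_claim, email):
    """Constructed, unsigned sample assertion used to exercise the checks above."""
    attrs = {"company": "Example Ltd", email_claim: email,
             "family_name": "Doe", "given_name": "Jane"}
    attr_xml = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    azure = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"  # assumed Azure AD default
    for p in check_assertion(sample_assertion("Jane.Doe@example.com", azure, "Jane.Doe@example.com")):
        print("-", p)
```

The demo run reports the namespaced claim name, the resulting missing `email` claim, and the mixed-case NameID.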

Contact Synthesia

Once your identity provider has been configured, reach out to the Synthesia support team with the following details.

  • Metadata URL: Made available by your identity provider once Synthesia has been configured as an application.
  • Identifiers: These are the domain(s) that you wish to be associated with SAML SSO (for example: `example.com`). For these domains, all other methods of login will be disabled.