Synthesia SSO

Setup single sign-on with Synthesia.

πŸ‘

Before you get started

  1. Reach out to your Customer Success Manager to ensure your current plan allows SSO setup
  2. Loop in the Support Team ([email protected]) and ask them to kickstart the process
πŸ“˜

SSO is an Enterprise Plan feature.

Overview

Check the video below to have an overview on how to setup SSO with Synthesia:

For dedicated instructions see:

Otherwise continue below.

Configure the Identity Provider

To get started, follow the vendor-specific instructions for your identity provider:

For those instructions you are asked to provide a number of details. In general, the defaults should be used except in the following cases:

Single Sign On URL

Sometimes referred to as the Assertion Consumer Service URL or Reply URL, provide the following value:

https://studio.auth.synthesia.io/saml2/idpresponse

Audience URI

Sometimes referred to as the Entity ID, provide the following value

urn:amazon:cognito:sp:eu-west-1_7hEawdalF

Name Identifier

Synthesia requires that you specify the NameID field to be the email address of the user account being used to login, and it should match exactly the email claim specified below.

Note: ⚠️ The NameID must be lower case. ⚠️

Claims

You must include the following claims:

  • company
  • email (ensure that this matches the NameID field described above). The email must be lower case.
  • family_name
  • given_name
  • picture (optional)

The email claim is used to match a SAML identity with an existing Synthesia account should one exist. This allows SAML SSO to be adopted without any loss of content. You must ensure the claim names are entered exactly as written.

Once configured, your identity provider will make available a Metadata URL. This URL provides everything Synthesia need to verify and trust assertions from your identity provider.

There should not be any namespace and it should not be in a uri format. For Azure AD configuration , this usually means setting the namespace to be blank.

In the event that Synthesia is unable to verify your assertions, you will be asked to send an example of one so that Synthesia support team can validate that the integration has been configured correctly.

Contact Synthesia

Once your identity provider has been configured, reach out to Synthesia support team with the following details.

  • Metadata URL: Made available by your identity provider once Synthesia has been configured as an application.
  • Identifiers: These are the domain(s) that you wish to be associated with SAML SSO (for example: `example.com). For these domains, all other methods of login will be disabled.


What’s Next

Check the following article if you are encountering issues: