Splashtop supports users/groups provisioning from your identity provider via SCIM, please follow the below steps to set up.
Step 1: Configure Provisioning - Admin Credentials
- Go to the created SAML app, click Provisioning to set up.
How to create a SAML app:
Global stack: https://support-splashtopbusiness.splashtop.com/hc/articles/360037945932
EU stack: https://support-splashtopbusiness.splashtop.com/hc/articles/360045446252
- Add Admin Credentials.
Global stack: https://my.splashtop.com/scim/v1
EU stack: https://my.splashtop.eu/scim/v1
Secret Token: How to find my Secret token
Then click Save.
Note: Need an active trial or subscription with SSO to successfully test
Step 2: Configure Provisioning - Set up ssoName attribute
- Go to Mappings, then Provision Azure Active Directory Users
Note: Disable "Provision Azure Active Directory Groups" if a user is in multiple synced AD groups or you do not want users to be moved to the named AD group in Splashtop.
- Click on your_sso_method_name to configure.
- On the configuration window, insert below info:
Constant Value: The SSO method name created on my.splashtop.com / my.splashtop.eu
Then Ok on the Edit Attribute window, then Save.
If you are from EU stack, you need to manually create the attribute following below steps.
a. Click on Provision Azure Active Directory Users.b. Check Show advanced options, then click on Edit attribute list for customappsso. c. Add an attribute.
d. Create the mapping:
Mapping type: Constant
Constant Value: Your SSO method name on my.splashtop.eu
Target attribute: Select the attribute you just created (urn:ietf:params:scim:schemas:extension:Splashtop:2.0:User:ssoName)
Add user/group to the created app
After SSO and Provisioning configured, you can click Add user to add users to the created enterprise application so the users can be automatically provisioned.
Note: If you chose to provision groups, make sure a user is not in multiple groups that are being synced; otherwise, the user will repeatedly switch between groups in the Splashtop system.
Known issues / Troubleshooting
- The user xxx is skipped due to not assigned to the application:
- Make sure the target user is assigned to the application created on Azure.
- Check Source Object Scope (It is under Created application / Edit Provisioning / Mappings / Provision Azure Active Directory Users), and see if there are some filters preventing the users from being provisioned.