Single Sign-On (SSO) allows users to securely access LiveRem using their existing corporate credentials, without creating or managing a separate username and password.
Once enabled, users are redirected to their organisation’s Identity Provider (IdP) to sign in and then returned to LiveRem. This centralises authentication and access control while providing a faster, simpler login experience.
What is SSO?
Single Sign-On (SSO) is an authentication method that allows users to access multiple applications using a single set of credentials managed by their organisation.
LiveRem supports SAML 2.0-based SSO, where:
LiveRem acts as the Service Provider (SP)
Your Identity Provider (IdP) manages authentication (for example, Okta or Azure AD)
Before You Start
Before configuring SSO in LiveRem, make sure you have the following:
Admin access to LiveRem
Admin access to your organisation’s Identity Provider (IdP)
A SAML 2.0 application created in your IdP
Required Identity Provider Values
You will need the following details from your Identity Provider:
Issuer ID / Entity ID
SSO (Login) URL
X.509 Signing Certificate
Attribute or group values (for role mapping)
Additionally, you will need:
One or more verified email domains owned by your organisation
Understanding the Two SSO URLs
1️⃣ Single Sign-On URL (Configured in Your Identity Provider)
This is LiveRem’s Assertion Consumer Service (ACS) URL.
It is where your Identity Provider sends the SAML response after authentication.
Your Identity Provider may label this field as:
Single Sign-On URL
ACS URL
Reply URL
Callback URL
Set this value to: https://prodfunctions.liverem.com/api/sso/callback/saml
If your provider requests them separately:
Recipient URL → Use the same value
Destination URL → Use the same value
2️⃣ Identity Provider Single Sign-On URL (Configured in LiveRem)
This is your Identity Provider’s login endpoint.
It is where LiveRem redirects users for authentication.
This value is provided by your Identity Provider and may be labelled:
Identity Provider Single Sign-On URL
Login URL
SAML Endpoint
SSO Service URL
🔄 Why This Matters
These URLs represent opposite directions of the same authentication flow:
LiveRem → Redirects user → Identity Provider SSO URL
Identity Provider → Sends response → LiveRem ACS URL
⚠️ Mixing them up is the most common cause of SSO failures.
Quick Reference
Configuration Location | Field | Value |
Identity Provider (Okta, Azure AD, etc.) | Single Sign-On / ACS URL | https://prodfunctions.liverem.com/api/sso/callback/saml |
Identity Provider | Audience Restriction / SP Entity ID | https://app.liverem.com/saml/metadata |
LiveRem SSO Settings | SSO URL | (Provided by your Identity Provider) |
LiveRem SSO Settings | Issuer ID | (Provided by your Identity Provider) |
Important: LiveRem Values Required by Your IdP
When configuring your SAML application, enter:
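Identity Provider Field | Value to Enter |
Single Sign-On URL / ACS URL / Reply URL / Callback URL | https://prodfunctions.liverem.com/api/sso/callback/saml |
Recipient URL (if required) | https://prodfunctions.liverem.com/api/sso/callback/saml |
Destination URL (if required) | https://prodfunctions.liverem.com/api/sso/callback/saml |
Audience Restriction / SP Entity ID / Entity ID / Identifier | https://app.liverem.com/saml/metadata |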
⚠️ This value must exactly match: https://app.liverem.com/saml/metadata
If it differs, authentication will fail.
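A check for the values above, as an added example rather than LiveRem's own tooling: it takes the base64 SAMLResponse captured from your own test login and compares Destination, Recipient, Audience and Issuer against the expected values. The idp.example.com URLs and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

# Values this page gives for LiveRem acting as the Service Provider.
ACS_URL = "https://prodfunctions.liverem.com/api/sso/callback/saml"
SP_ENTITY_ID = "https://app.liverem.com/saml/metadata"
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
PATHS = {"Issuer": "a:Assertion/a:Issuer",
         "Audience": "a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience"}

def check_response(saml_response_b64, expected_issuer):
    """Return [(field, found, expected)] for every value that does not match exactly."""
    # Use only on a response from your own test login: stdlib ElementTree is
    # not hardened against hostile XML, and no signature is verified here.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {k: root.findtext(p, namespaces=NS) for k, p in PATHS.items()}
    found["Destination"] = root.get("Destination")
    scd = root.find("a:Assertion/a:Subject/a:SubjectConfirmation/"
                    "a:SubjectConfirmationData", NS)
    found["Recipient"] = scd.get("Recipient") if scd is not None else None
    expected = {"Destination": ACS_URL, "Recipient": ACS_URL,
                "Audience": SP_ENTITY_ID, "Issuer": expected_issuer}
    return [(k, found[k], v) for k, v in expected.items() if found[k] != v]

# Constructed sample: the IdP login URL was pasted into the ACS field and the
# audience has a trailing slash. idp.example.com is a placeholder.
SAMPLE_XML = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://idp.example.com/sso/saml">
  <a:Assertion>
    <a:Issuer>https://idp.example.com/issuer</a:Issuer>
    <a:Subject><a:SubjectConfirmation>
      <a:SubjectConfirmationData
          Recipient="https://prodfunctions.liverem.com/api/sso/callback/saml"/>
    </a:SubjectConfirmation></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://app.liverem.com/saml/metadata/</a:Audience>
    </a:AudienceRestriction></a:Conditions>
  </a:Assertion>
</p:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for field, got, want in check_response(SAMPLE_B64, "https://idp.example.com/issuer"):
        print(f"MISMATCH {field}: got {got!r}, expected {want!r}")
```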
SSO - Single Sign-On
Click the Configure SSO button to start configuring SSO for LiveRem.
Configure SSO
Step 1 - Provider Configuration
The screen below shows the first step of setting up Single Sign-On (SSO) for your organization.
This step connects LiveRem to your Identity Provider by entering the required SAML details.
1. Provider Name
A friendly label used to identify your provider.
Example: Okta, Azure AD, Company SSO
2. Issuer ID
The unique identifier provided by your Identity Provider.
Used by LiveRem to validate the source of the SAML response.
3. SSO URL
The login endpoint where LiveRem redirects users for authentication.
Often labelled in your Identity Provider as:
Single Sign-On URL
Login URL
4. SAML Certificate
The public certificate used to verify SAML responses.
Copy the entire certificate, including:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
⚠️ The certificate must be valid and not expired.
How to Find These Values
In your Identity Provider Admin Console:
Applications → Your SAML App → Sign On → View Setup Instructions
LiveRem Field | Common IdP Label |
Issuer ID | Identity Provider Issuer / Entity ID |
SSO URL | Single Sign-On URL |
Certificate | X.509 Certificate |
5. Auto-Provision Users
If a user does not already exist with the provided email in your LiveRem organisation, this setting automatically creates a LiveRem account when a user signs in via SSO for the first time.
6. Auto-Update Roles
Automatically updates user roles based on SAML assertions at each login.
✔ Reduces manual administration
✔ Keeps permissions aligned with your Identity Provider
Note: Manual testing to verify your role mappings are correct is highly recommended when this setting is enabled.
Click the Next button to configure domains.
Step 2 - Domains
Domains determine which users are routed through SSO.
Only users with matching email domains will authenticate via your configured provider.
Add Domain
Click Add Domain to register your organisation’s email domains.
You may add multiple domains.
Once added, the domain will appear in the Domain Mapping section.
Domain Verification
Domains must be verified to confirm ownership.
Click Verify
Complete the DNS verification steps
Select Check Verification
⏱ Verification usually completes within minutes but may take up to 72 hours due to DNS propagation.
You may continue setup while verification completes.
Delete Domain
Clicking the Delete button allows you to remove the domain mapping.
Click the Next button to configure roles.
Step 3 - Roles
Roles control user permissions in LiveRem.
SSO Role Mapping ensures users receive the correct access automatically.
Role Mapping
Default LiveRem Role
Assigned when no role-mapping rules match.
Ensures all authenticated users receive baseline access.
Add Mapping
Add Mapping allows you to create rules that map Identity Provider attributes/groups to LiveRem roles.
Mappings are evaluated at login.
⚠️ Attribute values must exactly match Identity Provider assertions.
Attribute Mapping
The Attribute Mapping section allows you to map Identity Provider attributes to LiveRem user profile fields.
Common examples:
✔ First Name
✔ Last Name
✔ Phone Number
⚠️ Attribute names must exactly match your Identity Provider configuration.
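A dry run of the exact-match rule for role and attribute mappings, as an added example and not LiveRem's code: it resolves a role from assertion attributes and reports names or values that differ from a mapping only by case or surrounding whitespace. It assumes the first matching rule wins (the page does not state the order), and the attribute, group and role names are hypothetical.

```python
def norm(text):
    """Fold case and trim whitespace, only to detect near misses."""
    return text.strip().casefold()

def resolve_role(attributes, mappings, default_role):
    """Return (role, near_misses) for one login.

    attributes: {name: [values]} as received in the SAML assertion.
    mappings:   [(attribute_name, value, role)] in configured order.
    """
    near_misses = []
    for name, value, role in mappings:
        # Exact, case-sensitive comparison of both name and value.
        if value in attributes.get(name, []):
            return role, near_misses  # assumption: first matching rule wins
        for got_name, got_values in attributes.items():
            for got in got_values:
                if (norm(got_name), norm(got)) == (norm(name), norm(value)):
                    near_misses.append((name, value, got_name, got))
    return default_role, near_misses

# Constructed sample data; attribute, group and role names are hypothetical.
MAPPINGS = [("groups", "LiveRem-Admins", "Admin"),
            ("groups", "LiveRem-Users", "Member")]
DEFAULT_ROLE = "Viewer"
SAMPLE_ATTRIBUTES = {"groups": ["liverem-admins", "Everyone"]}

if __name__ == "__main__":
    role, misses = resolve_role(SAMPLE_ATTRIBUTES, MAPPINGS, DEFAULT_ROLE)
    print("resolved role:", role)
    for name, value, got_name, got in misses:
        print(f"rule {name}={value!r} nearly matched {got_name}={got!r}")
```

A near miss means the rule did not match, so the user falls through to the Default LiveRem Role.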
Click the Next button to test your connection.
Step 4 - Test Connection
Validates your SSO configuration.
Click Run Test to confirm:
✔ Identity Provider connectivity
✔ Certificate validity
✔ Assertion processing
Once configured, you can:
✔ Edit Configuration
✔ Test Connection
✔ Disable SSO
✔ Delete Configuration
Edit Configuration
Allows you to update your existing SSO settings.
Selecting Edit returns you to the same step-by-step setup flow, where you can review and modify the configuration.
Test Connection
Allows you to verify that your SSO configuration is functioning correctly.
This checks connectivity with your Identity Provider and validates the authentication flow.
Disable Configuration
Temporarily turns off SSO without removing the configuration.
While disabled, users cannot sign in via SSO but can continue logging in using their email address and password.
The configuration can be re-enabled at any time.
Delete Configuration
Permanently removes the SSO configuration.
Once deleted, users will no longer be able to sign in via SSO, and authentication will revert to standard login methods.
⚠️ Removing a domain will prevent users with email addresses on that domain from signing in via SSO.
These users can still log in to LiveRem using their email address and password.
Add Domain
Add Domain allows you to add one or more email domains to your SSO configuration.
Users with matching email addresses will be automatically routed to your Identity Provider during sign-in.
Each domain must be verified before becoming active.
Security & Best Practices
For optimal security and reliability:
✔ Enable multi-factor authentication (MFA) in your Identity Provider
✔ Rotate SAML certificates before expiry
✔ Audit login activity via Identity Provider logs
✔ Test SSO after configuration or mapping changes
Single Sign-On simplifies and secures access to LiveRem by allowing users to authenticate using their existing work credentials. SSO enables organisations to centrally manage authentication, access, and roles while reducing reliance on separate passwords. This provides a smoother login experience for users and more efficient access control for administrators.
















