To set up SSO with doxy.me, you'll need to create a new application within the Auth0 dashboard. Any users signing into doxy.me will need to be assigned access to this application, and will have to authenticate from your clinic sign-in page, which will look similar to [https://subdomain.doxy.me/sign-in] (be sure to replace subdomain with your actual clinic subdomain).
Setup
From your Auth0 dashboard, go to Applications.
Select Create Application.
Choose Single Page Web Application as your application type.
Configuration
Open your new application, and switch to the Settings tab.
Scroll down to your Application URIs and enter the below URLs as your Allowed Callback URLs
Switch to your Addons tab and enable SAML2 WEB APP.
Select the box to open the popup menu, and switch to your Settings tab.
Set the below URL as your Application Callback URL
Copy & paste the minimal configuration below into your Settings code-space.
(The email schema may be slightly different - please be sure to check the boilerplate schema before copying this over)
{
  "audience": "https://api.doxy.me/auth/institution/SAML2",
  "recipient": "https://api.doxy.me/auth/institution/SAML2/callback?institutionId=XXXX",
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": true,
  "passthroughClaimsWithNoMapping": true,
  "mapUnknownClaimsAsIs": true,
  "mapIdentities": true,
  "signatureAlgorithm": "rsa-sha1",
  "digestAlgorithm": "sha1",
  "destination": "https://subdomain.doxy.me/account/dashboard",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "typedAttributes": true,
  "includeAttributeNameFormat": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "logout": {
    "callback": "http://foo/logout",
    "slo_enabled": true
  },
  "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
Scroll to the bottom of the popup and Save your changes.
A few things your CSM or support representative will need from the Usage tab within your SAML2 WEB APP:
Identity Provider Login URL
Identity Provider Metadata
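A pre-flight check for the settings JSON above, to run before pasting it into the SAML2 WEB APP Settings box. This is an added example, not doxy.me or Auth0 code. The function name check_settings and the finding labels are hypothetical, the sample input is constructed from the template, and whether doxy.me accepts SHA-256 signatures is an assumption to confirm with your CSM.

```python
import json
from urllib.parse import urlparse, parse_qs

# Constructed sample: the template's checked keys, placeholders still in place.
TEMPLATE = json.dumps({
    "audience": "https://api.doxy.me/auth/institution/SAML2",
    "recipient": "https://api.doxy.me/auth/institution/SAML2/callback?institutionId=XXXX",
    "mappings": {"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"},
    "signatureAlgorithm": "rsa-sha1",
    "digestAlgorithm": "sha1",
    "destination": "https://subdomain.doxy.me/account/dashboard",
    "nameIdentifierProbes": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
    "logout": {"callback": "http://foo/logout", "slo_enabled": True},
})

PLACEHOLDER_HOSTS = {"foo", "subdomain.doxy.me"}  # literal hosts from the template


def check_settings(text):
    """Return sorted (key, problem) findings for a SAML2 Web App settings JSON."""
    cfg = json.loads(text)
    findings = set()
    urls = {k: cfg.get(k, "") for k in ("audience", "recipient", "destination")}
    urls["logout.callback"] = cfg.get("logout", {}).get("callback", "")
    for key, value in urls.items():
        parsed = urlparse(value)
        if parsed.scheme != "https":
            findings.add((key, "not https"))
        if parsed.hostname in PLACEHOLDER_HOSTS:
            findings.add((key, "placeholder host"))
    inst = parse_qs(urlparse(urls["recipient"]).query).get("institutionId", [""])[0]
    if inst in ("", "XXXX"):
        findings.add(("recipient", "institutionId not set"))
    # SHA-1 is flagged for review; switching to SHA-256 assumes doxy.me accepts it.
    if cfg.get("signatureAlgorithm", "rsa-sha1") == "rsa-sha1":
        findings.add(("signatureAlgorithm", "sha1"))
    if cfg.get("digestAlgorithm", "sha1") == "sha1":
        findings.add(("digestAlgorithm", "sha1"))
    # Heuristic: with an emailaddress NameID format, the mapped email claim
    # should be one of the NameID probes (the page warns the schema may differ).
    email_claim = cfg.get("mappings", {}).get("email")
    if email_claim not in cfg.get("nameIdentifierProbes", []):
        findings.add(("mappings.email", "not in nameIdentifierProbes"))
    return sorted(findings)


if __name__ == "__main__":
    for key, problem in check_settings(TEMPLATE):
        print(f"{key}: {problem}")
```

An empty result means no template placeholder, plain-HTTP URL, SHA-1 setting or claim mismatch was found; it does not validate the values against your doxy.me account.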
JIT (Just-In-Time provisioning)
With JIT enabled, you can create and assign new users to your doxy.me app without needing to manually invite or create doxy.me accounts first. Once an assigned new user authenticates, they'll be prompted to finish setting up their account by selecting a room name before being taken to the dashboard.
To remove a clinic user or seat, an account admin will still need to manage that from Account Settings / Clinic Settings / Manage Users.
A few things to note:
Once enabled, SSO will replace the traditional sign-in methods for your clinic.
When logging in, users will need to authenticate from their clinic login page rather than an external app dashboard in most cases.
Existing users can always log in using email/password by going to https://doxy.me/sign-in and will see an optional redirect to their clinic dashboard.
If you have any questions or would like assistance with configuration, please contact your CSM or chat with our support team 🙂