This article answers common questions about ContactMonkey's SAML (Security Assertion Markup Language) and SSO authentication capabilities.
Supported SAML Versions
Does ContactMonkey support SAML 1.0 or earlier versions?
No. ContactMonkey only supports SAML 2.0 integrations. SAML 2.0 is the current industry standard for secure authentication between identity providers and service applications.
SAML Initiation Methods
Does ContactMonkey support identity provider-initiated SAML?
Yes. ContactMonkey supports both authentication methods:
- Service provider-initiated: Users start the login from ContactMonkey
- Identity provider-initiated: Users start the login from your identity provider's portal
Identity Provider Compatibility
Which SAML 2.0 providers does ContactMonkey integrate with?
ContactMonkey officially integrates with these SAML 2.0 providers:
Can ContactMonkey integrate with other SAML 2.0 providers?
Yes. ContactMonkey can integrate with any SAML 2.0-compliant provider upon request. Contact the Technical Support team at support@contactmonkey.com, and they will provide the necessary configuration instructions for your specific provider.
SSO Enforcement
Can you require users to log in only through SSO?
Yes. After your SAML 2.0 integration is complete, contact our Technical Support team to enable SSO-only login enforcement. Once enabled, users must authenticate through your SAML provider to access ContactMonkey.
User Provisioning and Access Control
Does ContactMonkey support automatic user provisioning?
No. ContactMonkey requires manual user invitation before SSO authentication. Here's how the process works:
- An admin invites the user to the organization and assigns their team and role
- The user receives an invitation
- The user logs in via SSO
- ContactMonkey automatically assigns them to their designated team and role
Does ContactMonkey support group-based or role-based access control through SAML?
No. ContactMonkey does not sync groups or roles from your SAML provider. Access control works through the invitation process described above. Admins assign teams and roles when sending invitations, not through your identity provider's group settings.