LoginSaml is a plugin for Piwik and is available for purchase on the Piwik Marketplace as a yearly subscription. While the subscription is active you will receive all updates for this plugin. The Users Flow plugin is released under the InnoCraft EULA.
You can also get it for free as a hosted solution on our Piwik Analytics Cloud.
If you have a federated environment with a SAML Identity Provider (OneLogin, Okta, Ping Identity, ADFS, Google, Salesforce, SharePoint…), you can use this plugin to interoperate with it, thereby enabling SSO for your piwik users as well as support just-in-time provisioning. Login SAML offers advanced functionality such as just-in-time provisioning, so that your users can get their own account automatically created with the right permission in Piwik Analytics.
SSO offers many benefits. It can ensure consistent access control across the enterprise and external providers, potentially reducing support costs related to authentication / accounts management.
What SAML offers:
- Usability – One-click access from portals or intranets, deep linking, password elimination and automatically renewing sessions makes life easier for the user.
- Security – Based on strong digital signatures for authentication and integrity, SAML is a secure single sign-on protocol that the largest and most security conscious enterprises in the world rely on.
- Speed – SAML is fast. One browser redirect is all it takes to securely sign a user into an application.
- Phishing Prevention – If you don’t have a password for an app, you can’t be tricked into entering it on a fake login page.
- IT Friendly – SAML simplifies life for IT because it centralizes authentication, provides greater visibility and makes directory integration easier.
The plugin is developed and maintained by InnoCraft, the company from the makers of Piwik. At InnoCraft, passionate product designers and engineers build and maintain the free and open source project Piwik. This ensures the highest quality and compatibility of all their plugins.
You need at least Piwik 3 or newer. You can also signup to our Piwik Cloud service.
The SSO login is added in addition to the normal login flow.
Accounts generated using SSO (just-in-time provisioning) have no password so login always by SSO will be required if no password is set.
Accounts generated using the normal registration process will be able to use normal login or SSO login.
On the settings of the SamlLogin plugin the admin will be able to decide if use the login (username) or the email in order to identify piwik accounts with the data provided by the Identity Provider.
We understand that SAML is a complex SSO standard and no many people are familiarized with SAML terms.
We offer a guide that explain how the plugin works and how to configure it, in addition to specific guides that explain the steps to connect with the main Identity Provider vendors.
If you need help with your configuration, contact InnoCraft and we will agree the terms of the support service.