Matterport and SAML/SSO 

SAML (Security Assertion Markup Language) is an open standard protocol that enables users to use a single sign-on (SSO) credential to access Matterport across various IDPs (Identity Providers). In summary, SAML allows secure tokens to be passed between IDPs and SaaS applications (like Matterport). This ultimately expedites the user workflow by eliminating the need for passwords, and centralizing the authentication process. SAML also provides higher visibility and allows for expedited application adoptions and rollouts.

Before you begin 

Required Matterport subscription plan to use SSO

To join the invitational Beta and enable SSO, you will need to have an Enterprise Matterport subscription plan.

IDP support 

SSO gives members access to Matterport through identity providers that support the SAML 2.0 standard - we currently have validated integrations with the following IDPs: 

  1. Okta 
  2. Ping ID
 

We are working on providing support for additional IDPs - if you are using an IDP that is not included on the list, please reach out to us directly (support@matterport.com) and we will assist you with SSO setup. 

Instructions 

Get to the SSO setup inside Matterport 

  1. Log into your Matterport Account (my.matterport.com)
  2. Click your account name (top right)
  3. Click Settings Screen_Shot_2020-03-16_at_12.21.00_PM.png
  4. Click Manage in the Account dropdown menu to the left
  5. Under the Authentication header, click the Manage buttonScreen_Shot_2020-03-16_at_1.30.37_PM.png

The “Configure Single Sign-On Page” 

This page is where you will begin the single sign-on setup - follow the instructions below. 

Before beginning the process, read the “Overview” section at the top of the page
This section will briefly outline how this will affect users associated with the account you are configuring - the main takeaway is that you can choose whether or not members of your organization are forced to use SSO, or be given the option to use their legacy credentials to access Matterport. We will touch more on this configuration later in the guide. 

Copy and import required single sign-on info from Matterport to your IDP Screen_Shot_2020-03-16_at_1.42.40_PM.png

  1. ACS URL 
    • Highlight the provided URL and click the “Copy” button - tab over to to your IDP’s unique page and paste the URL into the ACS URL field. 
  2. SP Entity ID 
    • Highlight the provided URL and click the “Copy” button - tab over to your IDP and paste the URL into the SP Entity ID field. 
  3. Matterport Logo 
    • Highlight the provided URL and click the “Copy” button - tab over to your IDP and paste the URL into the Logo field. 
  4. Account Key 
    • This identifies which account is accessing SSO ,and lists it to the right. 

Copy and import required single sign-on info from your IDP to Matterport

  1. Account Key 
    • Tab over to your IDP and copy the Account Key, then paste it in the field. 
  2. SAML 2.0 Endpoint 
    • Tab over to your IDP and copy the Identity Provider SSO URL, then paste it in the field. 
  3. Identity Provider Issuer 
    • Tab over to your IDP and copy the Identity Provider ID, then paste it in the field. 
  4. Public Certificate 
    • Tab over to your IDP and copy the entire X.509 certificate, then paste it in the field. 

Optional Measure: Preview the binding email and the “Allow only SSO” toggle 

  1. Attribute Name Format 
    • This will allow you to preview the binding email that will go out to all associated accounts after you hit  “Save Configuration” - you can also get a sense of who clicked on your email by going to Matterport’s settings and clicking on Users. Screen_Shot_2020-03-16_at_1.49.53_PM.png
  2. Allow only SSO 
    • Switching this toggle will require that all users associated with your account must authenticate using SSO. 
    • We recommend turning this on later, after the lion’s share of users in your organization have adopted the transition. Screen_Shot_2020-03-16_at_1.48.39_PM.png

Save your SSO configuration and launch the binding email 

  1. Hit the Save Configuration button 
  2. Confirm SSO activation 
    • This will begin the binding process by emailing instructions to every user associated with your Matterport account.  

SAML/SSO FAQs

My IDP is not on Matterport’s supported list - what do I do? 

Contact Matterport Support for the next steps. 

My invitation link has expired - what do I do? 

Contact your IT administrator to request a new invitation. 

Does SSO support Microsoft Active Directory access? 

Not currently - contact support for the next steps. 

What happens if I downgrade my Matterport subscription plan? 

SSO will continue to work for users that were setup for SSO prior to the downgrade.

What does SSO access allow? 

SSO access is used to manage Matterport’s Cloud portal only. Support and community portals, on the other hand, will continue to be managed using legacy login credentials.

I’m a first-time user - how do I use SSO to sign in to Matterport? 

Contact your IT admin or Matterport account admin and request a corporate email account - once you have that, log in to Matterport using the email address provided. You will additionally need to log in to your intermediate IDP page using your new credentials. 

I’m an existing user - how do I use SSO to sign in to Matterport? 

If you already have an account you will receive an email from your organizations’ IT administrator - follow the instructions in the email to log in. 

What can I expect after SSO is enabled? 

Your old account credentials will no longer work. Roles, associated access permissions, and models from your old account will be accessible using your SSO credentials. 

I’m receiving error messages - what do I do? 

Contact Matterport Support and we will walk you through the troubleshooting process. 

Contact Us

Questions? Reach out to us at support@matterport.com.

Have more questions? Submit a request