Developer DocumentationSingle Sign-OnRegistration & Attendee Hub

In this article, you’ll learn how to configure Single Sign-On (SSO) for event registrants and Attendee Hub.

Service Provider-initiated SAML SSO for Event Registration and Attendee Hub

Service Provider (SP)-initiated Single Sign-On (SSO) starts in Cvent. Users navigates to Cvent, logs in to your identity provider, and then returns to Cvent.

Note

Turning on SSO for event registration also enables SSO for Attendee Hub.

Configure SAML SSO

To configure, open a case and provide Cvent with the following from your identity provider:

  • Issuer URI (entityID)
  • Single Sign-On URL (location)
  • Public x509 Certificate

Commonly, you’ll find this data in the metadata generated from your IdP.

Cvent will send you metadata in return, including a Organization ID used later in the setup.

Configure Your Identity Provider (IdP)

In your identity provider (IdP), configure the following:

  • SAML version: Cvent supports SAML 1.1 or SAML 2.0.
  • NameID: Set to email address. Cvent uses email as the default method of identifying users.

Configure Attributes

When logging users in, their Security Assertion Markup Language (SAML) assertion must contain the following required attributes. You can provide optional attributes to fill the user’s profile.

InstructionFieldAttribute Name
RequiredFirst Namefirst_name
RequiredLast Namelast_name
RequiredEmail Addressemail_address
OptionalMiddle Namemiddle_name
OptionalPrefixprefix
OptionalLocalelocale
OptionalTitletitle
OptionalCompanyorganization
OptionalWork Phonework_phone
OptionalMobile Phonemobile_phone
OptionalAddress 1address1
OptionalCitycity
OptionalState Codestate_code
OptionalZip/Postal Codepostal_code
OptionalCountry Codecountry_code

Optionally, Configure Custom Field Attributes (SP-initiated Only)

For each custom field you’d like to populate, send an attribute named exactly like the corresponding field in Cvent. The value for this attribute reflects the user’s specific value.

Turn On SP SSO in an Event and Attendee Hub

To turn on SP SSO in individual events and attendee hubs, do the following:

  1. Navigate to your event and select General and Event Settings.
  2. Find the Security tab.
  3. Under Website Authentication, select OIDC (OAuth) and SAML.
  4. Enter the Organization ID specified earlier during setup.
  5. Choose when you want visitors authenticated: upon arriving at the website, during registration, or on specific registration paths.
SSO info

Test

Test the event by navigating to the event as a registrant. If you encounter any issues, contact support.

 
 


 
 

Identity Provider-initiated SAML SSO for Event Registration

Identity Provider (IdP)-initiated SSO uses a pseudo IdP-initiated process, where a user navigates to an event and authenticates in your identity provider through a direct login link. This SSO can only works with event registration.

Configure SAML SSO

To configure this single sign-on, open a case and provide Cvent with the following from your identity provider:

  • Issuer URI (entityID)
  • Single Sign-On URL (location)
  • Public x509 Certificate

You can find these in the metadata generated from your IdP.

Configure Your Identity Provider (IdP)

In your identity provider (IdP), configure the following:

  • SAML version: Cvent supports SAML 1.1 or SAML 2.0.
  • NameID: Set to email address. Cvent uses email as the default method of identifying users.

Configure Attributes

When logging users in, their Security Assertion Markup Language (SAML) assertion must contain the following required attributes. Optional attributes can complete the user’s profile.

InstructionFieldAttribute NameMaximum Length
RequiredFirst Namefirst_name
RequiredLast Namelast_name
RequiredEmail Addressemail_address
Required (Set as null if not in use)Source IDsource_id
OptionalContact Type Codereg_code30
OptionalPrefixprefix30
OptionalDesignationdesignation30
OptionalMiddle Namemiddle_name30
OptionalNicknamenickname30
OptionalCompanycompany100
OptionalTitletitle50
OptionalHome Address 1home_address140
OptionalHome Address 2home_address240
OptionalHome Address 3home_address340
OptionalHome Cityhome_city40
OptionalHome State Codehome_state_codeunlimited
OptionalHome Postal Codehome_postal_code25
OptionalHome Country Codehome_country3
OptionalHome Phonehome_phone30
OptionalHome Faxhome_fax30
OptionalWork Address 1work_address140
OptionalWork Address 2work_address240
OptionalWork Address 3work_address340
OptionalWork Citywork_city40
OptionalWork State Codework_state_codeunlimited
OptionalWork Postal Codework_postal_code25
OptionalWork Country Codework_country3
OptionalWork Phonework_phone30
OptionalWork Faxwork_fax30
OptionalMobile Phonemobile30
OptionalPagerpager30
OptionalReference IDref_id100
OptionalTimestamptimestamp10
OptionalSignaturereg_signatureunlimited

Optionally, Configure Custom Field Attributes (IdP-initiated Only)

For each profile custom field you’d like to populate, or internal event question, you must supply the following attribute information in pairs:

FieldField NameMaximum LengthDetails
User Custom Fieldsfield_stub136Unique UUID found by viewing the field in Cvent Admin or via the Cvent REST API.
User Custom Fieldsfield1300Value you’d like to add to the field.
Internal Survey Question Fieldsquestion_code130Unique code found in the event.
Internal Survey Question Fieldsquestion_answer1-Value you’d like to add to the field.

Custom Field Example

You have a custom contact field in Cvent called Line of Business that needs populating via SSO. Using the Cvent REST API, you determine the Line of Business field in Cvent has the UUID abc12345-efg6-hij8-klm9-opqrstuvwxyz.

In your IdP, configure two attributes to send to Cvent:

  1. field_stub1 with the value abc12345-efg6-hij8-klm9-opqrstuvwxyz
  2. field1 containing the user’s line of business, such as Marketing.

Turn On IdP SSO in an Event

To configure SSO for an event, you’ll need to retrieve the direct login link for the application you set up in your identity provider (IdP).

After that, do the following:

  1. Log in to Cvent and navigate to the event.
  2. Select General and Event Settings.
  3. In the top-navigation, select Security and click Edit.
  4. Under Website Authentication, select Use an external authentication process.
  5. In the Authentication URL field, add your direct login for the application you set up earlier in your IdP.
  6. Select when you’d like to authenticate visitors.
  7. Click Save.

When users navigate to the event website, their browser directs to the link you put in the Authentication URL field, along with the query parameter ?target=[event-link] where [event-link] represents the event’s website URL. The intent involves users authenticating with your IdP and then redirecting back to the event via the target query parameter.

‘Your IdP must accept query parameter RelayState’s for this process to work as described. Cvent can change the query parameter term target to another value, if needed.

Test

Now test the event by navigating to Marketing and Weblinks and selecting one of the page URLs listed. If you encounter any issues, please report them.

Using SSO in Other Events

Your event planners can re-use a configured SSO integration for all their events. To do this, they’ll re-use the Authentication URL from your IdP that links directly to the login you used to test the first event.

Notes

  • If your invitees determine their registration type by going through a custom process, make sure to select “Display personal information for invitees who arrive from a Cvent email” as Yes.
  • If registration for your event remains private (for example, only open to those on an invitation list), select the option to only allow invitees to register via email invitations to ensure this setting also applies to registrants accessing your event via SSO.

 
 


 
 

OIDC (OAuth) SSO for Event Registrants and Attendee Hub

Cvent supports OpenID Connect (OIDC) for event registrants and Attendee Hub login. With OIDC, you can verify invitees before they register for an event and when they sign in to the Attendee Hub. This section explains how to enable OAuth for your event.

Configure Your Identity Provider

To configure this SSO, open a case and provide Cvent with the following information:

  • Client ID
  • Client Secret
  • Issuer URL
  • Scopes
  • Well-Known Endpoint

Cvent uses the Well-Known Endpoint to retrieve the following details:

  • JWKS Endpoint
  • Authorization Endpoint
  • Token Endpoint (must be public)
  • User Info Endpoint (must be public and OIDC compliant)

Limitations

  • Proof Key for Code Exchange (PKCE) isn’t supported and must be turned off.
  • The Address Claim is always mapped to Home.

Configure Your Claims

When authorizing, you can supply claims to Cvent, which map onto the user’s profile. You must provide required claims. You can optionally include others to fill on the user’s profile. Name the attributes exactly as shown.

InstructionCvent FieldOpenID Standard ClaimsNotes
RequiredFirst Namegiven_name
RequiredLast Namefamily_name
RequiredEmail Addressemail
RequiredSource IDsub
OptionalMiddle Namemiddle_name
OptionalNicknamenickname
OptionalProfile Imagepicture
OptionalGendergender
OptionalDate of Birthbirthdate
OptionalPhone Numberphone_numberMapped to Home Address in Cvent by default.
OptionalAddress 1address:street_addressMapped to Home Address in Cvent by default.
OptionalCityaddress:localityMapped to Home Address in Cvent by default.

Optionally, Configure Custom Field Attributes

For each profile custom field you would like to populate, send a claim named exactly like the corresponding field in Cvent. The value for this claim is the user’s value.

Enabling OAuth for an Event Website & Attendee Hub

To enable OAuth for your website, registration, and Attendee Hub:

  1. Navigate to your event and select General and Event Settings.
  2. Find the Security tab.
  3. Under Website Authentication, select OIDC (OAuth) and SAML. Enter the Organization ID specified during setup and choose when you want visitors to be authenticated: upon arriving at the website, during registration, or on specific registration paths.
  4. Click Save.
SSO info

Test

Test your connection. If you encounter any issues, contact support.

Last updated on