What is changing?
On September 5th, 2023 we migrated our SAML assertion consumer (ACS) and metadata endpoints from parsecgaming.com
to parsec.app
. We plan to decommission the legacy parsecgaming.com
endpoints, which will cause any SAML identity provider (IdP) configurations using the parsecgaming.com
endpoints to stop working.
What do we need to do?
The SAML ACS and metadata endpoints will need to be added to your SAML IdP to include the new endpoints on parsec.app:
- SAML ACS:
https://kessel-api.parsec.app/saml/acs/{teamID}
- SAML Metadata:
https://kessel-api.parsec.app/saml/metadata/{teamID}
Please note IdPs may handle ACS URL migration differently so ensure you're following the steps for your specific IdP below.
Okta
The first step must be completed before making any edits in Okta. Updating the IdP settings first will break the SAML flow.
- On the Domain & SAML tab under SAML Setup, ensure the ACS/Metadata URL Backward Compatibility toggle is enabled.
- In Okta, open the Parsec application you have set up for SSO and go to General -> SAML Settings -> Edit.
- Click next so that you are on the Configure SAML tab, and edit the Single sign-on URL and Audience URI so that parsecgaming.com is replaced with parsec.app.
- Click Next, then Finish.
- Login to Parsec with a SAML user.
- Ensure the following confirmation is visible under SAML Setup. That's it!
Azure Active Directory (AAD)
- Add the new SAML endpoints to your Enterprise Application configuration in AAD
- On the Domain & SAML tab, under SAML Setup enable the ACS/Metadata URL Backward Compatibility toggle
Do not enable this before adding the new SAML endpoints to your SAML configuration in AAD. If this setting is enabled before updating AAD, Parsec SAML authentication will break.
- Login to Parsec with a SAML user
- Ensure the following confirmation is visible under SAML Setup. Do not proceed to the next step if you do not see this.
- Remove the legacy (parsecgaming.com) endpoints from your Enterprise Application configuration in AAD. At this point you should only have parsec.app endpoints in your Enterprise App configuration.
Google Workspace
Please note that the first step below will result in SAML login attempts failing until the following steps are completed.
- On the Domain & SAML tab, under SAML Setup enable the ACS/Metadata URL Backward Compatibility toggle. SAML login attempts will fail until Google IdP settings are updated.
- Navigate to your Parsec app within Google and expand the Service provider details to view the ACS URL and Entity IDs. Update both of these to point to parsec.app. This step takes a minute or so to propagate.
- Login to Parsec with a SAML user.
- Ensure the following confirmation is visible under SAML Setup. That's it!
Other
Please check your IdP documentation for more information on how to edit the ACS and Metadata endpoints.