Talkspirit

This guide explains how to set up single sign-on (SSO) between SmartLink and Talkspirit using SAML 2.0 or OpenID Connect.

Prerequisites

  • Talkspirit Business or Enterprise subscription
  • Administrative access to Talkspirit
  • Verified email domain
  • Application configured in SmartLink with SAML2 or OpenID Connect

1. Create the application

  1. Log in to SmartLink as an administrator
  2. Go to Applications → Add
  3. Create a new application:
    • Name: Talkspirit
    • URL: https://[your-organization].talkspirit.com
    • Description: All-in-one French collaborative platform
    • Icon: Choose the Talkspirit icon

2. Configure SAML2

  1. In the Authentication tab
  2. Select SAML2
  3. Configure the following parameters:
    • Entity ID: [appid]
    • ACS URL: https://[your-organization].talkspirit.com/saml/acs
    • Format NameID: emailAddress
    • App ID: https://[your-smartlink].link.vaultys.org/[appid] (automatically generated unique identifier)

3. Retrieve metadata

Note the following URLs:

  • IdP Metadata: https://[your-smartlink].link.vaultys.org/api/saml2/[appid]/metadata
  • SSO URL: https://[your-smartlink].link.vaultys.org/api/saml2/[appid]/sso
  • SLO URL: https://[your-smartlink].link.vaultys.org/api/saml/[appid]/slo
  • Entity ID: [appid]
  • X.509 Certificate: Download from SmartLink

Configuration in Talkspirit

1. Access SSO settings

  1. Log in to Talkspirit as an administrator
  2. Go to Administration → Settings → Authentication
  3. Click on Configure SAML SSO

2. Identity provider configuration

Configure the SAML parameters:

  • IdP Entity ID: [appid]
  • SSO URL: https://[your-smartlink].link.vaultys.org/api/saml2/[appid]/sso
  • SLO URL: https://[your-smartlink].link.vaultys.org/api/saml2/[appid]/slo
  • Public Certificate: Paste the X.509 certificate from SmartLink
  • Binding: HTTP-POST

3. Attribute configuration

Talkspirit Attribute   SAML Attribute   Required
Email                  email
First Name             firstName
Last Name              lastName
Full Name              displayName
Service                department
Job Title              jobTitle
Phone                  phone
Photo                  photo

Configuration with OpenID Connect

1. Configure OpenID Connect

  1. In the Talkspirit application
  2. Authentication tab → OpenID Connect
  3. Note:
    • Client ID: talkspirit-xxxxxx
    • Client Secret: secret-xxxxxx
    • App ID: [appid]

2. Redirect URLs

Add to Allowed Redirect URLs:

https://[your-organization].talkspirit.com/auth/oidc/callback
https://[your-organization].talkspirit.com/api/auth/oidc/callback

Configuration in Talkspirit

  1. In Administration → Authentication → OpenID Connect
  2. Configure:
    • Discovery URL: https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/.well-known/openid-configuration
    • Client ID: talkspirit-xxxxxx
    • Client Secret: secret-xxxxxx
    • Scopes: openid profile email groups
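
Before saving the Discovery URL, it is worth checking what the document behind it actually advertises. The following is an added example, not code from SmartLink or Talkspirit: it checks a fetched discovery document against the URL it came from and the scopes listed above. The host `sso.example.com`, the app id `demo-app` and the endpoint paths are constructed placeholders.

```javascript
const WELL_KNOWN = '/.well-known/openid-configuration';
// Scopes the Talkspirit settings on this page request.
const REQUIRED_SCOPES = ['openid', 'profile', 'email', 'groups'];

// Return a list of problems found in a fetched discovery document.
function checkDiscovery(discoveryUrl, doc) {
  const problems = [];
  const url = new URL(discoveryUrl);
  if (url.protocol !== 'https:') problems.push('discovery URL is not https');
  if (!url.pathname.endsWith(WELL_KNOWN)) {
    return [...problems, 'discovery URL does not end in ' + WELL_KNOWN];
  }
  // OIDC Discovery: issuer must equal the URL prefix before /.well-known/...
  const expectedIssuer = url.origin + url.pathname.slice(0, -WELL_KNOWN.length);
  if (doc.issuer !== expectedIssuer) {
    problems.push(`issuer is ${doc.issuer}, expected ${expectedIssuer}`);
  }
  for (const key of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    let endpoint;
    try {
      endpoint = new URL(doc[key]);
    } catch {
      problems.push(`${key} is missing or not a URL`);
      continue;
    }
    if (endpoint.protocol !== 'https:') problems.push(`${key} is not https`);
    // Heuristic, not a spec rule: endpoints on another host deserve a look.
    if (endpoint.host !== url.host) problems.push(`${key} is on ${endpoint.host}`);
  }
  if (Array.isArray(doc.scopes_supported)) {
    for (const scope of REQUIRED_SCOPES) {
      if (!doc.scopes_supported.includes(scope)) {
        problems.push(`scope ${scope} is not in scopes_supported`);
      }
    }
  }
  return problems;
}

// Constructed sample: host, app id and endpoint paths are placeholders.
const SAMPLE_URL = 'https://sso.example.com/api/oidc/demo-app' + WELL_KNOWN;
const SAMPLE_DOC = {
  issuer: 'https://sso.example.com/api/oidc/demo-app',
  authorization_endpoint: 'https://sso.example.com/api/oidc/demo-app/auth',
  token_endpoint: 'https://sso.example.com/api/oidc/demo-app/token',
  jwks_uri: 'https://sso.example.com/api/oidc/demo-app/jwks',
  scopes_supported: ['openid', 'profile', 'email', 'groups'],
};
console.log(checkDiscovery(SAMPLE_URL, SAMPLE_DOC));
```

An empty list means the document is consistent with the URL; `scopes_supported` is optional in discovery, so when it is absent the scope check is skipped.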

Space and Group Configuration

Organizational Structure

spaces:
  - name: "Direction"
    type: "private"
    auto_add_groups:
      - "smartlink-executives"
      - "smartlink-management"
    features:
      - chat
      - videoconference
      - documents
      - tasks

  - name: "Communication"
    type: "public"
    auto_add_groups:
      - "smartlink-all-users"
    features:
      - news
      - events
      - polls

  - name: "Projects"
    type: "workspace"
    auto_add_groups:
      - "smartlink-project-teams"
    features:
      - tasks
      - calendar
      - documents
      - wiki

Group Synchronization

{
  "group_sync": {
    "enabled": true,
    "mapping": {
      "smartlink-admins": {
        "talkspirit_role": "admin",
        "permissions": ["manage_users", "manage_spaces", "manage_settings"]
      },
      "smartlink-managers": {
        "talkspirit_role": "manager",
        "permissions": ["create_spaces", "moderate_content", "manage_members"]
      },
      "smartlink-users": {
        "talkspirit_role": "member",
        "permissions": ["create_content", "join_spaces", "use_chat"]
      },
      "smartlink-external": {
        "talkspirit_role": "guest",
        "permissions": ["view_public", "limited_interaction"]
      }
    }
  }
}

Specific Features

Chat and Video Conferencing

communication:
  chat:
    enabled: true
    direct_messages: true
    group_chats: true
    file_sharing: true
    max_file_size: "100MB"
    message_retention: "unlimited"

  video:
    provider: "integrated"
    max_participants: 50
    recording: true
    screen_sharing: true
    virtual_backgrounds: true
    breakout_rooms: true

Drive and Document Management

{
  "drive_settings": {
    "enabled": true,
    "default_quota": "10GB",
    "versioning": true,
    "co_editing": true,
    "office_integration": "onlyoffice",
    "file_types_allowed": [
      ".pdf", ".doc", ".docx", ".xls", ".xlsx",
      ".ppt", ".pptx", ".png", ".jpg", ".mp4"
    ],
    "antivirus_scan": true,
    "encryption_at_rest": true
  }
}

Publishing and News

publishing:
  news_feed:
    moderation: true
    categories:
      - "Company"
      - "HR"
      - "Products"
      - "Events"

  engagement:
    reactions: ["like", "love", "applause", "idea"]
    comments: true
    sharing: true
    mentions: true
    hashtags: true

Integration with External Tools

Microsoft 365

{
  "microsoft_integration": {
    "enabled": true,
    "calendar_sync": true,
    "contacts_sync": true,
    "onedrive_connector": true,
    "teams_interop": false
  }
}

Google Workspace

{
  "google_integration": {
    "enabled": true,
    "calendar_sync": true,
    "drive_connector": true,
    "meet_integration": true
  }
}

Talkspirit API

API Authentication with SSO

const TalkspiritAPI = require('talkspirit-api');

class TalkspiritClient {
  constructor(config) {
    this.api = new TalkspiritAPI({
      baseUrl: config.baseUrl,
      auth: {
        type: 'oauth2',
        clientId: config.clientId,
        clientSecret: config.clientSecret,
        scope: 'read write admin'
      }
    });
  }

  async getUserBySSOEmail(email) {
    return await this.api.users.findByEmail(email);
  }

  async createSpace(spaceData) {
    return await this.api.spaces.create({
      name: spaceData.name,
      type: spaceData.type,
      members: spaceData.members,
      features: spaceData.features
    });
  }

  async postNews(newsData) {
    return await this.api.news.create({
      title: newsData.title,
      content: newsData.content,
      category: newsData.category,
      targetGroups: newsData.groups
    });
  }
}

Webhooks

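const express = require('express');

const app = express();
app.use(express.json()); // populates req.body for JSON payloads

// onboardNewUser, syncSpaceToOtherTools, notifyRelevantUsers and
// createExternalTask are application-defined handlers.
// Note: as written, this endpoint does not authenticate the sender.

// Endpoint to receive Talkspirit webhooks
app.post('/webhook/talkspirit', async (req, res) => {
  const { event, data } = req.body;

  try {
    switch (event) {
      case 'user.joined':
        await onboardNewUser(data);
        break;

      case 'space.created':
        await syncSpaceToOtherTools(data);
        break;

      case 'document.shared':
        await notifyRelevantUsers(data);
        break;

      case 'task.assigned':
        await createExternalTask(data);
        break;

      default:
        // Unknown event types are acknowledged but not acted on
        break;
    }
  } catch (err) {
    // A failing handler must not leave the request hanging
    return res.status(500).json({ received: false });
  }

  res.status(200).json({ received: true });
});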

Configuration Testing

1. Connection Test

  1. Log out of Talkspirit
  2. Go to https://[your-organization].talkspirit.com
  3. Click on Login with SSO
  4. Authenticate via SmartLink
  5. Verify access to assigned spaces

2. Permission Testing

# Test via API
curl -X GET "https://[your-organization].talkspirit.com/api/v1/me" \
-H "Authorization: Bearer YOUR_TOKEN"

3. Mobile Testing

Talkspirit applications support SSO:

  • Talkspirit iOS
  • Talkspirit Android
  • Talkspirit Desktop (Windows/Mac/Linux)

Troubleshooting

"SAML response invalid" Error

Issue: The SAML response is not accepted

Solution:

  1. Verify that the Entity ID is [appid]
  2. Check the X.509 certificate
  3. Ensure the ACS URL is correct
  4. Check the logs: Administration → Logs → Authentication

Groups Not Synchronized

Issue: Users do not have the correct roles

Solution:

<!-- SAML assertion for groups -->
<saml:Attribute Name="groups">
  <saml:AttributeValue>smartlink-talkspirit-admins</saml:AttributeValue>
  <saml:AttributeValue>smartlink-talkspirit-users</saml:AttributeValue>
</saml:Attribute>
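
The group values in this assertion and the keys of the Group Synchronization mapping have to agree, and a mismatch leaves the user without a role. The following is an added example, not code from SmartLink or Talkspirit: it compares the groups an assertion carries with the mapping keys from this page and reports near misses. Exact, case-sensitive matching and "most privileged role wins" are assumptions, since the page does not describe how Talkspirit resolves them.

```javascript
// Mapping keys and roles copied from the group_sync block on this page.
const GROUP_ROLE_MAP = {
  'smartlink-admins': 'admin',
  'smartlink-managers': 'manager',
  'smartlink-users': 'member',
  'smartlink-external': 'guest',
};
// Assumption: when several groups match, the most privileged role applies.
const ROLE_RANK = ['guest', 'member', 'manager', 'admin'];

// Compare the groups an assertion carries with the mapping and report
// which ones match, which ones do not, and the closest mapping key.
function diagnoseGroups(assertedGroups, map = GROUP_ROLE_MAP) {
  const matched = [];
  const unmapped = [];
  for (const raw of assertedGroups) {
    const name = String(raw).trim();
    // Own-property check: names such as "constructor" must never match.
    if (Object.prototype.hasOwnProperty.call(map, name)) {
      matched.push(name);
      continue;
    }
    // Near miss: every part of a mapping key appears in the asserted name.
    const tokens = name.toLowerCase().split('-');
    const hint = Object.keys(map).find(
      (key) => key.toLowerCase().split('-').every((part) => tokens.includes(part))
    );
    unmapped.push({ group: name, hint: hint || null });
  }
  const role = matched
    .map((group) => map[group])
    .sort((a, b) => ROLE_RANK.indexOf(b) - ROLE_RANK.indexOf(a))[0] || null;
  return { role, matched, unmapped };
}

// Constructed input: the two values from the troubleshooting assertion above.
const report = diagnoseGroups([
  'smartlink-talkspirit-admins',
  'smartlink-talkspirit-users',
]);
console.log(JSON.stringify(report, null, 2));
```

With the values shown on this page, neither asserted group matches a mapping key, so no role is resolved and the hints point at `smartlink-admins` and `smartlink-users`.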

Space Access Issue

Issue: SSO user does not have access to spaces

Solution:

  1. Check group synchronization
  2. Verify automatic assignment rules
  3. Check space permissions
  4. Ensure the user is active

Security

{
  "security_settings": {
    "enforce_sso": true,
    "session_timeout": "8h",
    "ip_filtering": false,
    "device_trust": true,
    "content_moderation": {
      "enabled": true,
      "ai_powered": true,
      "manual_review": true
    },
    "data_retention": {
      "messages": "2y",
      "files": "5y",
      "logs": "1y"
    },
    "encryption": {
      "at_rest": true,
      "in_transit": true,
      "e2e_chat": false
    }
  }
}

GDPR Compliance

Talkspirit is GDPR compliant with:

  • Data hosting in France
  • Right to erasure
  • Data portability
  • Explicit consent
  • Register of processing activities

User Migration

Migration Script

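import csv
from urllib.parse import quote

import requests


class TalkspiritMigration:
    def __init__(self, api_key, domain):
        self.api_key = api_key
        self.base_url = f"https://{domain}.talkspirit.com/api/v1"

    def migrate_users_to_sso(self, csv_file):
        """Migrate users to SSO"""
        with open(csv_file, 'r', encoding='utf-8', newline='') as file:
            reader = csv.DictReader(file)

            for user in reader:
                # Enable SSO for the user
                self.enable_sso_for_user(user['email'])

                # Assign to spaces
                self.assign_user_to_spaces(user['email'], user['spaces'])

                # Send migration email
                self.send_migration_email(user['email'])

    def enable_sso_for_user(self, email):
        """Enable SSO for a user"""
        response = requests.patch(
            # Percent-encode the address so a CSV value cannot alter the URL path
            f"{self.base_url}/users/email/{quote(email, safe='')}",
            headers={"Authorization": f"Bearer {self.api_key}"},
            json={"auth_method": "sso"},
            timeout=10,
        )
        # Stop on a failed update instead of continuing silently
        response.raise_for_status()
        return response.json()

    def assign_user_to_spaces(self, email, spaces):
        """Assign a user to spaces (implementation not shown in this guide)"""
        raise NotImplementedError

    def send_migration_email(self, email):
        """Send the migration email (implementation not shown in this guide)"""
        raise NotImplementedError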

Resources