Shutterstock's federated identity offering allows our customers' employees to log in to Shutterstock's applications via their company's single sign-on (SSO) system. The customer configures their identity provider (IdP), such as Auth0, Ping Identity, or Okta, to integrate with Shutterstock by exchanging Security Assertion Markup Language (SAML) and System for Cross-domain Identity Management (SCIM) data. Then, the customer's employees authenticate with the IdP and are redirected to Shutterstock, where they can use Shutterstock applications without needing a separate Shutterstock account or password.
Currently, Shutterstock maintains integrations with these IdPs. Contact us to see if we can add support for the tools that you use for identity management.
For information about setting up an integration with each of these IdPs, see Identity provider setup.
Shutterstock's federated identity offering is SAML 2.0 compliant and provides the following features:
On-demand account provisioning: Shutterstock creates accounts automatically when users log in through SAML, so your employees do not need a pre-existing Shutterstock account.
Provisioning for pre-existing users: If an employee already has a Shutterstock account, our identity management system links that account to their account on your identity provider.
Roles and permissions: Each employee account has a role that controls what that account can do. You can set individual accounts to be allowed only to browse and search and set other accounts to be able to license and download media.
Provisioning for organizations: Shutterstock enterprise customer accounts are associated with organizations (also referred to as "teams"). Customers can set a default organization for new accounts or pass information about customer organizations along with SAML credential requests.
Federated identity (FI): Federated identity is functionality that allows a user's identity information to be accessed across systems. Federated identity allows one system to authenticate a user and another system to trust that authentication and receive the user's information.
Single sign-on (SSO): SSO allows a user to sign in to one system and gain access to other systems.
Security Assertion Markup Language (SAML) and System for Cross-domain Identity Management (SCIM): SAML and SCIM are standard languages for communicating user information, such as information for federated identity management.
Service provider (SP): In the context of federated identity management, a service provider is a business or application that delegates authorization for its services to a third-party identity provider. For example, Shutterstock can act as a service provider by accepting identity information from third-party systems.
Third-party identity provider (3P IdP): An IdP is software that provides identity management services, such as Okta, Ping Identity, and OneLogin.
If a user logs in to Shutterstock through your identity provider and there is no Shutterstock account associated with that user's email address, Shutterstock creates an account for that user automatically. New users should log in to Shutterstock through the identity provider in this way, instead of creating accounts manually on shutterstock.com. If a user creates an account directly on shutterstock.com, that account is not automatically tied to your enterprise account and is not managed through your identity provider.
If there is an existing account tied to that email address, Shutterstock logs the user into that account. The user has the same roles that the existing account has unless you pass other roles with the SAML assertion as described in Assigning permissions.
Individual email addresses can be connected to multiple Shutterstock accounts. If a user logs in through federated identity and their email address is connected to multiple accounts, by default Shutterstock logs them into the first account that was created with that email address. Your account representative can provide a list of email addresses and user accounts in your account so you can tell the users which account they sign in to. To change which account users sign in to, contact us.
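The account-matching rules described above, modelled as an added example (this is not Shutterstock's code). The export columns, the sample rows, and the case-insensitive email matching are assumptions. The script flags addresses tied to several accounts and shows which account, and therefore which existing role, a federated login lands on.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export; the column names are assumptions, not a Shutterstock format.
SAMPLE_EXPORT = """email,account_id,created,role
ana@example.com,1001,2019-03-02,browse
ana@example.com,1450,2021-07-19,license
Ben@example.com,1200,2020-01-10,license
ben@example.com,1100,2018-11-05,browse
cy@example.com,1300,2022-05-01,license
"""

def load_accounts(text):
    """Group rows by email; case-folding the address is an assumption of this sketch."""
    by_email = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        row["created"] = date.fromisoformat(row["created"])
        by_email[row["email"].strip().lower()].append(row)
    return by_email

def resolve_login(by_email, email, asserted_role=None):
    """Model the documented behaviour for one federated login."""
    accounts = by_email.get(email.strip().lower(), [])
    if not accounts:
        # No account for this address: one is created on demand.
        return {"action": "create", "account_id": None, "role": asserted_role}
    # Existing account(s): the first one created is used by default.
    first = min(accounts, key=lambda a: a["created"])
    # The existing role applies unless the assertion passes another.
    return {"action": "login", "account_id": first["account_id"],
            "role": asserted_role or first["role"]}

def ambiguous_emails(by_email):
    """Report addresses tied to several accounts and where SSO lands."""
    report = {}
    for email, accounts in by_email.items():
        if len(accounts) > 1:
            landed = resolve_login(by_email, email)
            others = sorted(a["account_id"] for a in accounts
                            if a["account_id"] != landed["account_id"])
            report[email] = {"lands_on": landed["account_id"],
                             "role": landed["role"], "unused": others}
    return report

if __name__ == "__main__":
    for email, info in ambiguous_emails(load_accounts(SAMPLE_EXPORT)).items():
        print(email, info)
```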
Shutterstock is introducing account deprovisioning through SCIM. In certain cases, you can configure your identity provider to send a SCIM request to Shutterstock when you remove a user from the application in the identity provider. Shutterstock receives the SCIM request and removes the user from the relevant organizations.
Enterprise customer employees can access Shutterstock via federated identity management in two main ways: they can start by accessing the Shutterstock web application, or they can start by authenticating to the company's IdP.
This diagram shows an overview of the Shutterstock-initiated login flow:
This diagram shows an overview of the identity provider-initiated login flow: