...

  1. From the Identity Provider page, click the Actions (...) menu, and then select Configure Identity Provider. The New Identity Provider form will be presented. 
  2. Select SAML v2.0. A blank form is presented.
  3. Complete the fields based on the values that are configured for your Identity Provider. The example is for SAML v2.0 for Azure Active Directory. For example, the SAML v2.0 Identity Provider values are found in the Azure Active Directory admin center in the Single sign-on menu. Refer to the Microsoft article on configuring SAML-based single sign-on and the following example for details.


    Section 1: These URLs (for example, Assertion Consumer Service URL) will be provided after the AMPLIFY Platform Identity Provider configuration is saved, and then can be used on your Identity Provider.

    Section 2: The values to set in the NameID Format and Attribute Mapping fields in the AMPLIFY Platform Identity Provider configuration form.

    Section 3: The values that will be set on the Signature Algorithm and Validating X509 Certificates section of the AMPLIFY Platform Identity Provider configuration form. The certificate file whose contents will be used for that section of the AMPLIFY Platform Identity Provider configuration page will be available from the download button for Certificate (Base64) on this view.

    Section 4: The values that will be used in the Single Sign-On Service URL and Single Logout Service URL fields on the AMPLIFY Platform Identity Provider configuration page.


  4. Copy the mapping values from the Identity Provider configuration to complete Single Sign-On Service URL and Single Logout Service URL. See section 4 from the SAML v2.0 for Azure Active Directory example.
  5. Copy the mapping values from the Identity Provider configuration to complete the NameID Policy Format, Signature Algorithm, and Validating X509 Certificate. See sections 2 and 3 from the SAML v2.0 for Azure Active Directory example.

    • NameID Policy Format: Click the field under Required Claim to show the format that will be used for the NameID Policy Format section in the Identity Provider configuration form.
    • Signature Algorithm: Select the value that is configured for your Identity Provider.
    • Validating X509 Certificates: Download the certificate file. Then copy and paste the X509 certificate value into the text box, making sure to omit the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

      Info
      If you have multiple certificates that are required for your configuration, add the X509 certificate value for each certificate in that field, separated by a comma.




  6. Copy the mapping values from the Identity Provider configuration to complete the Attribute Mapping fields (Email Address, First Name, and Last Name). See the Additional claims area in section 2 from the SAML v2.0 for Azure Active Directory example.


  7. Complete the Role Assignments section. Refer to Role Assignments for details.

    The following is an example for a completed SAML v2.0 form (before clicking Save).
  8. Click Save. A Confirmation dialog appears with a message that once the Identity Provider is verified, all users on that domain will be required to log into the AMPLIFY Platform with their Identity Provider credentials.

        

  9. To complete the configuration, you must add the values configured in the AMPLIFY Platform identity configuration page to your Identity Provider's configuration. 
    • Copy the Entity ID, Assertion Consumer Service URL, and optionally the Post-Logout URL values individually from the Platform's page, either manually or by clicking the clipboard icon.
        
        

      Info
      The SAML Descriptor may include additional content that is applicable to your Identity Provider, such as the public key used for signed assertions. The SAML Descriptor includes options that may be applicable to your IdP: View, Download, or Download Signing Certificate.
    • Paste the copied values into their respective fields in the SAML v2.0 configuration page.
       
    • Click Save in the Azure Active Directory page. 
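
For the Validating X509 Certificates field in step 5, the following is an added example (not part of the AMPLIFY Platform documentation or tooling) that strips the BEGIN/END lines from one or more downloaded certificate files, checks that each body decodes to a DER structure, joins multiple certificates with commas, and returns a SHA-256 fingerprint for each so it can be compared with the signing certificate your Identity Provider reports. The function names and the sample input are assumptions made for this example, as is the assumption that the field accepts the base64 body on a single line; the sample is a constructed 5-byte placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def der_length_ok(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE (the outer shape of a certificate)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long-form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def field_value(pem_files: list[str]) -> tuple[str, list[str]]:
    """Return (comma-separated base64 bodies, SHA-256 fingerprints) for PEM texts."""
    bodies, fingerprints = [], []
    for text in pem_files:
        blocks = PEM_BLOCK.findall(text)
        if not blocks:
            raise ValueError("no PEM certificate block found")
        for block in blocks:
            b64 = "".join(block.split())          # drop line breaks and spaces
            der = base64.b64decode(b64, validate=True)
            if not der_length_ok(der):
                raise ValueError("decoded data is not a single DER SEQUENCE")
            bodies.append(b64)
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return ",".join(bodies), fingerprints


# Constructed sample input: a 5-byte DER SEQUENCE standing in for a certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMC\nAQE=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    value, prints = field_value([SAMPLE_PEM, SAMPLE_PEM])
    print(value)                                  # paste this into the text box
    for fp in prints:
        print("sha256:", fp)
```

A truncated or partially copied certificate fails the DER length check instead of being silently pasted into the form.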

...