
Sequence of tasks to configure and enable an IdP

  1. Step 1 tasks (add and verify a domain, or configure an IdP) can be completed in any order:
     • Add a domain and verify domain ownership
     • Configure an OIDC or SAML v2.0 IdP
  2. Confirm the association of your IdP to the domain
  3. Enable the IdP configuration for all domain users
  4. (Optional) Add a subdomain

This section includes details on configuring a SAML v2.0 Identity Provider with an example of a Microsoft Azure Active Directory SAML-based Single Sign-On configuration. 

Although the example in this section is for Microsoft Azure Active Directory, any SAML v2.0 Identity Provider is compatible.

Refer to the Microsoft Configure SAML-based single sign-on article for details.

To create a new Identity Provider

  1. From the Identity Provider page, click the Actions (...) menu, and then select Configure Identity Provider. The New Identity Provider form is presented.
  2. Select SAML v2.0. A blank form is presented.
  3. Complete the fields based on the values that are configured for your Identity Provider. The example below is for SAML v2.0 with Azure Active Directory, where the SAML v2.0 Identity Provider values are found in the Azure Active Directory admin center under the Single sign-on menu. Refer to the Microsoft Configure SAML-based single sign-on article and the following example for details.

    Section 1: These URLs (for example, Assertion Consumer Service URL) will be provided after the AMPLIFY Platform Identity Provider configuration is saved, and then can be used on your Identity Provider.

    Section 2: The values to set in the NameID Format and Attribute Mapping fields in the AMPLIFY Platform Identity Provider configuration form.

    Section 3: The values that will be set on the Signature Algorithm and Validating X509 Certificates section of the AMPLIFY Platform Identity Provider configuration form. The certificate file whose contents will be used for that section of the AMPLIFY Platform Identity Provider configuration page will be available from the download button for Certificate (Base64) on this view.

    Section 4: The values that will be used in the Single Sign-On Service URL and Single Logout Service URL fields on the AMPLIFY Platform Identity Provider configuration page.

  4. Copy the mapping values from the Identity Provider configuration to complete Single Sign-On Service URL and Single Logout Service URL. See section 4 of the SAML v2.0 for Azure Active Directory example.
  5. Copy the mapping values from the Identity Provider configuration to complete NameID Policy Format, Signature Algorithm, and Validating X509 Certificates. See sections 2 and 3 of the SAML v2.0 for Azure Active Directory example.

    • NameID Policy Format: Click the field under Required Claim to show the format that will be used for the NameID Policy Format section in the Identity Provider configuration form.
    • Signature Algorithm: Select the value that is configured for your Identity Provider.
    • Validating X509 Certificates: Download the certificate. Then copy and paste the X509 certificate value into the text box, making sure to omit the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

      If multiple certificates are required for your configuration, add the X509 certificate value for each certificate in that field, separated by a comma.

  6. Copy the mapping values from the Identity Provider configuration to complete the Attribute Mapping fields (Email Address, First Name, and Last Name). See the Additional claims area in section 2 of the SAML v2.0 for Azure Active Directory example.

    The following is an example of a completed SAML v2.0 form (before clicking Save).
  7. Click Save. A Confirmation dialog appears with a message that once the Identity Provider is verified, all users on that domain will be required to log in to the AMPLIFY Platform with their Identity Provider credentials.
  8. To complete the configuration, you must add the values configured in the AMPLIFY Platform identity configuration page to your Identity Provider's configuration.
    • Copy the Entity ID, Assertion Consumer Service URL, and optionally the Post-Logout URL values individually from the Platform's page, either manually or by clicking the clipboard icon.

      The SAML Descriptor may include additional content that is applicable to your Identity Provider, such as the public key used for signed assertions. The SAML Descriptor offers options that may be applicable to your IdP: View, Download, or Download Signing Certificate.
    • Paste the copied values into their respective fields in the SAML v2.0 configuration page.
    • Click Save in the Azure Active Directory page.
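As an added example (not part of the original page or the AMPLIFY Platform), the following Python script turns an exported PEM certificate file into the bare base64 form that the Validating X509 Certificates field in step 5 expects: it drops the BEGIN/END lines and line breaks, joins multiple certificates with a comma, and rejects any body that is not valid base64 or does not decode to a DER SEQUENCE. The sample PEM blocks are constructed and are not real certificates.

```python
import base64
import re
from typing import List

# Matches one standard PEM certificate block; group 1 is the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_to_bare_base64(pem_text: str) -> List[str]:
    """Return one bare base64 string per certificate found in pem_text.

    The BEGIN/END lines and line breaks are dropped, which is what the
    Validating X509 Certificates field expects. Each body must be valid
    base64 and decode to bytes starting with 0x30 (ASN.1 SEQUENCE), as
    every DER-encoded certificate does; anything else raises ValueError.
    """
    bodies = []
    for match in PEM_BLOCK.finditer(pem_text):
        bare = "".join(match.group(1).split())
        # validate=True rejects characters outside the base64 alphabet
        # (binascii.Error is a ValueError subclass).
        der = base64.b64decode(bare, validate=True)
        if not der or der[0] != 0x30:
            raise ValueError("certificate body does not decode to an ASN.1 SEQUENCE")
        bodies.append(bare)
    if not bodies:
        raise ValueError("no BEGIN/END CERTIFICATE block found")
    return bodies


def field_value(pem_text: str) -> str:
    """Comma-join the bare certificates, the format the field requires for multiple certs."""
    return ",".join(pem_to_bare_base64(pem_text))


def _constructed_pem(payload: bytes) -> str:
    """Wrap a DER-shaped payload in PEM armour (constructed test data, not a real cert)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed sample: two minimal ASN.1 SEQUENCEs standing in for two certificates.
SAMPLE_PEM = _constructed_pem(b"\x30\x03\x02\x01\x05") + _constructed_pem(b"\x30\x04\x02\x02\x01\x02")

if __name__ == "__main__":
    print(field_value(SAMPLE_PEM))  # MAMCAQU=,MAQCAgEC
```

Run it against the file downloaded from the Certificate (Base64) button and paste the printed value into the field; a ValueError means the file is not a PEM certificate and should not be pasted.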

When a new Identity Provider is being configured, the organization administrator can edit any field. After a SAML v2.0 Identity Provider is verified, the organization administrator is permitted to edit some of the fields.

  • Basic Attributes
    • Single Sign-On Service URL
    • NameID Policy Format
    • Signature Algorithm
    • Validating X509 Certificates
  • Advanced Attributes
    • Single Logout Service URL
    • Backchannel Logout
    • HTTP-POST Binding Response
    • HTTP-POST Binding for AuthnRequest
    • HTTP-POST Binding Logout
    • Want AuthnRequests Signed
    • SAML Signature Key Name
    • Want Assertions Signed
    • Want Assertions Encrypted
    • Force Authentication
  • Attribute Mapping
    • Email Address
    • First Name
    • Last Name
    • Phone Number
    • Country