| Sequence | Completed | Task to configure and enable an IdP |
|----------|-----------|-------------------------------------|
| 1 | - | Add a domain |
|   | - | Verify domain ownership |
|   | - | Configure an OIDC or SAML v2.0 IdP |
|   |   | Step 1 tasks (add and verify a domain, or configure an IdP) can be completed in any order. |
| 2 | - | Confirm the association of an IdP to the domain |
| 3 | - | Enable the IdP configuration for all domain users |
| 4 | - | (Optional) Add a subdomain |

This section includes details on configuring a SAML v2.0 Identity Provider with an example of a Microsoft Azure Active Directory SAML-based Single Sign-On configuration. 

Although the example in this section is for Microsoft Azure Active Directory, any SAML v2.0 Identity Provider is compatible.

Refer to the Microsoft article on configuring SAML-based single sign-on for details.

To create a new Identity Provider

  1. From the Identity Providers page, click + Identity Provider. The New Identity Provider form is presented.
  2. Select SAML v2.0. A blank form is presented.
  3. Complete the fields based on the values that are configured for your Identity Provider. The example is for SAML v2.0 for Azure Active Directory, where the SAML v2.0 Identity Provider values are found in the Azure Active Directory admin center in the Single sign-on menu. Refer to the Microsoft article on configuring SAML-based single sign-on and the following example for details.

    Section 1: These URLs (for example, Assertion Consumer Service URL) will be provided after the AMPLIFY Platform Identity Provider configuration is saved, and then can be used on your Identity Provider.

    Section 2: The values to set in the NameID Format and Attribute Mapping fields in the AMPLIFY Platform Identity Provider configuration form.

    Section 3: The values that will be set on the Signature Algorithm and Validating X509 Certificates section of the AMPLIFY Platform Identity Provider configuration form. The certificate file whose contents will be used for that section of the AMPLIFY Platform Identity Provider configuration page will be available from the download button for Certificate (Base64) on this view.

    Section 4: The values that will be used in the Single Sign-On Service URL and Single Logout Service URL fields on the AMPLIFY Platform Identity Provider configuration page.

  4. Copy the mapping values from the Identity Provider configuration to complete Single Sign-On Service URL and Single Logout Service URL. See section 4 from the SAML v2.0 for Azure Active Directory example.
  5. Copy the mapping values from the Identity Provider configuration to complete the NameID Policy Format, Signature Algorithm, and Validating X509 Certificate. See sections 2 and 3 from the SAML v2.0 for Azure Active Directory example.

  6. Copy the mapping values from the Identity Provider configuration to complete the Attribute Mapping fields (Email Address, First Name, and Last Name). See the Additional claims area in section 2 from the SAML v2.0 for Azure Active Directory example.


  7. Complete the Role Assignments section. Refer to Role Assignments for details.

    The following is an example for a completed SAML v2.0 form (before clicking Save).
  8. Click Save. A Confirmation dialog appears with a message that once the Identity Provider is verified, all users on that domain will be required to log in to the AMPLIFY Platform with their Identity Provider credentials.

  9. To complete the configuration, you must add the values configured in the AMPLIFY Platform identity configuration page to your Identity Provider's configuration. 

When a new Identity Provider is being configured, the organization administrator can edit any field. After a SAML v2.0 Identity Provider is verified, the organization administrator is not permitted to edit the Single Sign-On Service URL, NameID Policy Format, and Signature Algorithm fields.
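
Because the Single Sign-On Service URL, NameID Policy Format, and Signature Algorithm fields cannot be edited once the Identity Provider is verified, it is worth checking the values from steps 4 to 6 before clicking Save. The following Python check is an added example, not part of the AMPLIFY Platform or Microsoft documentation; the dictionary layout, the sample values, and the rules it applies (HTTPS-only URLs, no SHA-1 or MD5 signatures, a decodable certificate) are assumptions chosen for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

URL_FIELDS = ("Single Sign-On Service URL", "Single Logout Service URL")
ATTRIBUTES = ("Email Address", "First Name", "Last Name")

def cert_der(text):
    """Decode 'Certificate (Base64)' contents (PEM armor optional) to DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", text)
    der = base64.b64decode(body, validate=True)  # ValueError on non-base64 input
    if len(der) < 2 or der[0] != 0x30:           # a certificate is an ASN.1 SEQUENCE
        raise ValueError("not DER")
    return der

def check_idp_form(form):
    """Return (findings, SHA-256 fingerprint or None) for values about to be saved."""
    findings, fingerprint = [], None
    for field in URL_FIELDS:
        url = urlsplit(form.get(field, ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{field}: expected an absolute https:// URL")
    if not form.get("NameID Policy Format", "").strip():
        findings.append("NameID Policy Format: empty")
    alg = form.get("Signature Algorithm", "")
    if not alg or re.search(r"(sha[-_]?1|md5)(?!\d)", alg, re.I):
        findings.append("Signature Algorithm: missing or SHA-1/MD5 based")
    try:
        der = cert_der(form.get("Validating X509 Certificate", ""))
        fingerprint = hashlib.sha256(der).hexdigest()
    except ValueError:
        findings.append("Validating X509 Certificate: not a Base64 DER certificate")
    mapping = form.get("Attribute Mapping", {})
    for name in ATTRIBUTES:
        if not mapping.get(name, "").strip():
            findings.append(f"Attribute Mapping: no claim mapped to {name}")
    return findings, fingerprint

# Constructed sample values (assumptions, not taken from a real tenant).
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])  # DER stand-in, not a real certificate
SAMPLE_FORM = {
    "Single Sign-On Service URL": "https://idp.example.com/saml2",
    "Single Logout Service URL": "https://idp.example.com/saml2",
    "NameID Policy Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "Signature Algorithm": "RSA_SHA256",
    "Validating X509 Certificate": base64.b64encode(SAMPLE_DER).decode(),
    "Attribute Mapping": {"Email Address": "emailaddress", "First Name": "givenname", "Last Name": "surname"},
}
```

Compare the returned fingerprint with the one computed from the certificate file downloaded from your Identity Provider, so that a truncated or mispasted certificate is caught before the configuration is verified.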