|Sequence||Completed task to configure and enable an IdP|
Add a domain and
|Step 1 tasks (add and verify a domain, or configure an IdP) can be completed in any order|
|Confirm the association of an IdP to the domain|
(Optional) Add a subdomain
This section includes details on configuring a SAML v2.0 Identity Provider with an example of a Microsoft Azure Active Directory SAML-based Single Sign-On configuration.
Although the example in this section is for Microsoft Azure Active Directory, any SAML v2.0 Identity Provider is compatible.
Refer to the Microsoft configure SAML-based configure single sign on article for details.
To create a new Identity Provider
Complete the fields based on the values that are configured for your Identity Provider. The example is for SAML v2.0 for Azure Active Directory. For example, the SAML v2.0 Identity Provider values are found in the Azure Active Directory admin center in the Single sign-on menu. Refer to the Microsoft configure SAML-based configure single sign on article and the following example for details.
Validating X509 Certificates: Download the contents. Then copy and paste the X509 certificate value into the text box making sure to omit ------BEGIN CERTIFICATE ----- and ------END CERTIFICATE--------.
|If you have multiple certificates that are required for your configuration, add the X509 certificate value for each certificate in that field, separated by a comma.|
Click Save. A Confirmation dialog appears with a message that once the Identity Provider is verified, all users on that domain will be required to log into the AMPLIFY Platform with their Identity Provider credentials.
Copy the Entity ID, Assertion Consumer Service URL, and optionally the Post-Logout URLvalues individually from the Platform's page manually or by clicking the clipboard icon.
|The SAML Descriptor may include additional content that is applicable to your Identity Provider, such as the public key used for signed assertions. The SAML Descriptor includes options that may be applicable to your IdP: View, Download, or Download Signing Certificate.|
When a new Identity Provider is being configured, the organization administrator can edit any field. After a SAML v2.0 Identity Provider is verified, the organization administrator is not permitted to edit the Single Sign-On Service URL, NameID Policy Format, and Signature Algorithm fields.