What you'll need

Before you start, ensure you have the following values that you will need to complete the configuration of the integration.

For configuring SSO at the Identity Provider (IdP)

info

You may need these values to configure Single Sign On in your chosen Identity Provider (IdP).

SAML Admin Authentication (Staff users)

Value	Description
Metadata	https://<domain>/q/login/admin/saml_admin_auth/metadata
Identifier / Entity ID	https://<domain>/q/login/admin/saml_admin_auth/metadata
Reply URL	https://<domain>/q/login/admin/saml_admin_auth/acs
Logout URL	https://<domain>/q/login/admin/saml_admin_auth/sls

SAML User Authentication (Non-Staff users)

Value	Description
Metadata	https://<domain>/q/login/user/saml_user_auth/metadata
Identifier / Entity ID	https://<domain>/q/login/user/saml_user_auth/metadata
Reply URL	https://<domain>/q/login/user/saml_user_auth/acs
Logout URL	https://<domain>/q/login/user/saml_user_auth/sls

From the Identity Provider

info

These values will come from the Identity Provider.

Value	Description
Entity ID	The Identifier of the IdP entity, must be a URI
Single Sign On URL	URL target of the IdP where the Authentication Request Message will be sent
Single Logout URL	URL location of the IdP where SLO Request will be sent (if supported)
X509Cert	Public x509 certificate of the IdP
User email attribute	The SAML attribute that contains the email address for the user
First name attribute	The SAML attribute that contains the user's first name
Last name attribute	The SAML attribute that contains the user's last name

Examples of these values from common Identity Providers are listed on the next page for reference.

For the Service Provider

info

These values you will need to generate for your account.

Value	Description
X509Cert	Public x509 certificate to used to secure and verify messages received from the IdP
Private key	The private key for the X509Cert

Use OpenSSL or a similar cryptographic library to generate the X509 Certificate and Private Key for your account.