How to configure SAML for the Texada Identity Service (TIS).
In This Article
- Introduction
- Create a SAML Application in your Identity Provider
- Configure Service Provider Attributes
- Provide Information to Texada Software
Introduction
The following article describes the process of configuring a SAML-based Identity Provider (IdP) for integration with the Texada Identity Service (TIS). This process involves making a number of configurations to your IdP, then providing Texada with the information it needs to complete the integration.
Before starting the configuration process, please contact Texada support and inform them of your intent to migrate to TIS. This will allow Texada to complete our configurations in a timely manner as well as provide assistance throughout the transition process.
1. Create a SAML Application in your Identity Provider
This step involves adding some information to the SAML application so that it knows how to receive and respond to SAML-based authentication requests coming from Texada’s Identity Service.
In order to complete this step, Texada will provide you with a connection name unique to your organization. Enter this connection name whenever you see the keyword YOUR_CONNECTION_NAME in the configurations below.
1a. Assertion Consumer Service / Application Callback URL
This URL is used to send SAML assertions after the IdP has authenticated a user. The format of this URL will change depending on your organization’s region:
- North America: https://us-auth0.texadasoftware.com/login/callback?connection=YOUR_CONNECTION_NAME
- Europe: https://eu-auth0.texadasoftware.com/login/callback?connection=YOUR_CONNECTION_NAME
- APAC: https://au-auth0.texadasoftware.com/login/callback?connection=YOUR_CONNECTION_NAME
Make sure to replace YOUR_CONNECTION_NAME with the value provided by Texada.
1b. SP Entity ID/Audience Restriction
This is the audience for the identity provider. It has the following format:
urn:auth0:texada:YOUR_CONNECTION_NAME
Make sure to replace YOUR_CONNECTION_NAME with the value provided by Texada.
If your Identity Provider provides a choice for bindings, select “HTTP-Redirect for Authentication Requests”.
1c. IdP Entity ID
This is the unique, case-sensitive identifier used by SAML applications for the Auth0 service provider. Most service providers require this value during the configuration in their applications. It may also be referred to as an Issuer, Identifier, or Identity Provider.
Enter one of the values below depending on your organization’s region:
- North America: https://us-auth0.texadasoftware.com
- Europe: https://eu-auth0.texadasoftware.com
- APAC: https://au-auth0.texadasoftware.com
2. Configure Service Provider Attributes
Go to the user attribute mapping section and add the following attributes:
- email is returned
- family_name is returned, with your Identity Provider's equivalent attribute (e.g. lastname) mapped to it
- given_name is returned, with your Identity Provider's equivalent attribute (e.g. firstname) mapped to it
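The following Python script is an added example, not Texada's or Auth0's code, that ties steps 1 and 2 together: it derives the Assertion Consumer Service URL, audience and IdP entity ID for a region and connection name, then checks a SAML assertion for the three things the configuration above controls (the Audience restriction, the Recipient on the bearer confirmation, and the email, family_name and given_name attributes). The connection name "example-connection" and the assertion XML are constructed for the example; the region hostnames and the urn:auth0:texada: audience format are the ones listed above. Signature verification is deliberately left out here, since that is what the X509 signing certificate in step 3 is used for on the Auth0 side.

```python
"""Check that a SAML assertion matches the SP settings from steps 1 and 2.

Added example; not Texada's or Auth0's code. Uses only the standard library.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Region hostnames from step 1; the keys are labels chosen for this example.
REGION_HOSTS = {
    "north_america": "https://us-auth0.texadasoftware.com",
    "europe": "https://eu-auth0.texadasoftware.com",
    "apac": "https://au-auth0.texadasoftware.com",
}

# Attributes step 2 requires the IdP to return under exactly these names.
REQUIRED_ATTRIBUTES = ("email", "family_name", "given_name")


def sp_settings(region, connection_name):
    """Return the step 1 values (1a, 1b, 1c) for a region and connection name."""
    host = REGION_HOSTS[region]
    return {
        "acs_url": f"{host}/login/callback?connection={connection_name}",
        "audience": f"urn:auth0:texada:{connection_name}",
        "idp_entity_id": host,
    }


def check_assertion(assertion_xml, settings):
    """Return a list of problems found in the assertion; empty means it matches."""
    root = ET.fromstring(assertion_xml)
    problems = []

    # 1b: the AudienceRestriction must name our SP entity ID.
    audiences = [a.text for a in root.findall(
        ".//saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if settings["audience"] not in audiences:
        problems.append(f"audience {audiences} does not include {settings['audience']}")

    # 1a: the bearer confirmation's Recipient must be our ACS URL.
    data = root.find(".//saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != settings["acs_url"]:
        problems.append("Recipient does not match the Assertion Consumer Service URL")

    # 2: every required attribute must be present with a non-empty value.
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    for name in REQUIRED_ATTRIBUTES:
        if not attrs.get(name) or not attrs[name][0]:
            problems.append(f"attribute {name} missing or empty")

    return problems


# Constructed sample assertion for connection "example-connection", North America.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
          Recipient="https://us-auth0.texadasoftware.com/login/callback?connection=example-connection"
          NotOnOrAfter="2024-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>urn:auth0:texada:example-connection</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="family_name"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="given_name"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    settings = sp_settings("north_america", "example-connection")
    print(settings)
    print(check_assertion(SAMPLE_ASSERTION, settings) or "assertion matches SP settings")
```

A useful way to use this during rollout is to paste a decoded assertion captured from the browser's SAML tracer into SAMPLE_ASSERTION: if the IdP still emits its own attribute names (for example firstname instead of given_name), the attribute check reports exactly which mapping from step 2 is missing.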
3. Provide Information to Texada Software
These instructions are generic. You will have to locate this information in your specific identity provider (IdP).
Once located, this information can be sent securely to Texada Software through Keeper Vault. A free account can be created here.
- SSO URL: The URL at your IdP to which SAML authentication requests should be sent. This is often called the Identity Provider Single Sign-On URL, SSO URL, or IdP URL.
- Logout URL: The URL at your IdP to which SAML logout requests should be sent. This is often called a logout URL, a global logout URL, Sign Out URL, or single logout URL.
- X509 Signing certificate: A certificate needed by Auth0 (service provider) to validate the signature of the authentication assertions that have been digitally signed by the IdP. There should be a place to download the signing certificate from the IdP. If the certificate is not in .pem or .cer format, you should convert it to one of these formats.
- IdP Domains: Optional domain names that can be authenticated in the Identity Provider.
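As an added example for the signing-certificate item above (not Texada's or Auth0's code), the script below takes the certificate file downloaded from the IdP in either PEM or binary DER form (the usual content of a .cer file), rejects a download whose DER length field does not match the file size, and returns the certificate as PEM together with a SHA-256 fingerprint that can be quoted to Texada out of band to confirm the right certificate arrived. It uses only the standard library; the sample bytes are constructed and are not a real certificate, only the outer DER SEQUENCE framing is realistic.

```python
"""Normalise an IdP signing certificate to PEM and sanity-check its framing.

Added example, not Texada's or Auth0's code. Standard library only.
"""
import hashlib
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def der_outer_length(der):
    """Return the total length the outer DER SEQUENCE header claims.

    Raises ValueError if the bytes do not start with a SEQUENCE tag or the
    length field is malformed.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (expected first byte 0x30)")
    first = der[1]
    if first < 0x80:  # short form: the byte is the content length
        return 2 + first
    n = first & 0x7F  # long form: next n bytes hold the content length, big-endian
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def is_well_framed(der):
    """True if the DER header's claimed length equals the actual byte count."""
    try:
        return der_outer_length(der) == len(der)
    except ValueError:
        return False


def to_pem(raw):
    """Accept PEM or DER certificate bytes; return (pem_text, sha256_hex)."""
    text = raw.decode("ascii", errors="ignore").strip()
    if text.startswith(PEM_HEADER):
        # ssl.PEM_cert_to_DER_cert strips header/footer and base64-decodes.
        der = ssl.PEM_cert_to_DER_cert(text)
    else:
        der = raw
    if not is_well_framed(der):
        raise ValueError("DER length does not match file size (truncated or corrupt)")
    pem = ssl.DER_cert_to_PEM_cert(der)  # re-wraps as 64-column base64 PEM
    return pem, hashlib.sha256(der).hexdigest()


# Constructed stand-in for a downloaded .cer: a 304-byte DER SEQUENCE whose
# header (0x30 0x82 0x01 0x2C) claims 300 bytes of placeholder content.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x2C]) + bytes(range(256)) + bytes(44)


if __name__ == "__main__":
    pem, fingerprint = to_pem(SAMPLE_DER)
    print(pem)
    print("sha256:", fingerprint)
```

The same fingerprint should appear whether the file was supplied as PEM or DER, so it is a convenient value to include alongside the certificate in the Keeper Vault share: the receiving side can recompute it from what they received and confirm nothing was re-encoded or truncated in transit.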