If you are an IDP, you can authenticate your users in MyRepChat (SP) through SAML. Configuration is managed in your group administrator portal. Once logged in, navigate to your Group Setup page and scroll down to the SAML Identity Provider section.
The 'Email Pattern' is optional. It is used when you are creating new users with SAML that do not currently exist within MyRepChat. If an email pattern is added, any logins that match the email pattern will be redirected to your IDP. Leave blank if you don't plan to create users or only want to create users using IDP-initiated logins.
The 'Entity Suffix' is optional. It is used if you are a reseller with multiple groups that need a unique MRC Entity for each group. Whatever is entered here will be added to 'https://dart.ionlake.com/dart/saml'.
The 'Authentication Comparison' and 'Authentication Context' settings allow you to configure any authentication requirements needed for the AuthnRequest. Leave these as default unless you have reason to change them.
The IDP Configuration can be configured in one of 3 ways: explicitly, through your metadata URL, or by providing your metadata directly.
When setting up an explicit configuration, you will need to provide your SSO URL, the Issuer, and your certificate.
When setting up a metadata URL, just type in the URL that our server can use to access your metadata. Note that using a Metadata URL is the preferred method because this allows us to automatically update to any changes in your metadata.
When providing metadata, just paste your metadata into the provided field.
Click Save when finished. After you have clicked Save, our servers will immediately begin using you as the IDP for all users with an email address that ends with the pattern you provided, and your custom service provider URL will be displayed.
Authenticating
On incoming SAML authentication responses, the only assertion we require in order to log in a user is Email. Optionally, you can specify the TokenExpiration if it is not long enough. If an account is not found using the provided email address, and CreateNew is not provided or is false, the login will fail.
Creating Users
As you will notice in the metadata response, you can create new MyRepChat accounts through SAML. In order to do this, the SAML response you send to us will need to have the following assertions:
- First - User first name
- Last - User last name
- Email - User email address
- Name - Account name
- TokenExpiration - Defines how long the token lives.
- Address1 - Account address line 1
- Address2 - Account address line 2
- City - Account city
- State - Account state
- Zip - Account zip code
- Country - Account country (ISO country code, e.g. US)
- Timezone - Account timezone (e.g. America/Chicago)
- CreateNew - Create account if it doesn't exist (true/false)
After the account has been created, you will receive an email notifying you of the new account, and the user will be placed in the new account and will be presented with a wizard where they can choose their new MyRepChat number.
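The following is an added example, not MyRepChat's own code: a pre-flight check an IDP team could run on an assertion before sending it, applying the login and account-creation rules described above. It assumes the listed items are carried as SAML 2.0 Attribute elements whose Name matches the listed names exactly, and it checks attribute presence only, not signatures or conditions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names exactly as listed on this page for account creation.
CREATE_ATTRS = ["First", "Last", "Email", "Name", "TokenExpiration", "Address1",
                "Address2", "City", "State", "Zip", "Country", "Timezone", "CreateNew"]

def read_attributes(assertion_xml):
    """Return {Name: first AttributeValue text} from a SAML 2.0 Assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        text = (value.text or "").strip() if value is not None else ""
        attrs.setdefault(attr.get("Name"), text)  # keep the first value if repeated
    return attrs

def preflight(assertion_xml):
    """List problems that would stop login or account creation per this page."""
    attrs = read_attributes(assertion_xml)
    problems = []
    if not attrs.get("Email"):
        problems.append("Email missing: login cannot proceed")
    create_new = attrs.get("CreateNew", "")
    # Assumption: the literal lowercase strings from the page are what is accepted.
    if create_new not in ("", "true", "false"):
        problems.append("CreateNew must be true or false")
    if create_new == "true":
        # Presence check only; an empty Address2 element still counts as present.
        missing = [name for name in CREATE_ATTRS if name not in attrs]
        if missing:
            problems.append("account creation attributes missing: " + ", ".join(missing))
    return problems

# Constructed sample: asks for account creation but omits most listed attributes.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>rep@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="CreateNew"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(preflight(SAMPLE))
```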