Integrate with a SAML Identity Provider
This guide serves as a reference for configuring SSO with an Identity Provider (IdP) using the SAML2 protocol.
To integrate VECTR with your SAML IdP, you must:
- Determine your IdP's Federation Metadata URL
- Configure user claims with your IdP
- Configure SAML signing certificate with your IdP
- Configure your IdP in VECTR
- Enter VECTR's callback URL and other pertinent information into your IdP
The configuration process varies depending on the IdP, so you will need to follow your IdP's documentation to complete the steps listed in this section.
Determine Your IdP's Federation Metadata URL
In order to integrate VECTR with your IdP, your IdP must provide its Federation Metadata through a URL that is accessible from VECTR.
The Federation Metadata URL contains information about the server's certificates and supported connection features.
Make note of the Federation Metadata URL; you will need it later.
Configure Your IdP
You will need to configure the following with your IdP in order to integrate VECTR:
1. Configure user claims
This step is usually not needed. However, if your IdP does not provide the following claims, you will need to configure it to provide the claims that VECTR is expecting.
2. Configure SAML signing certificate
Your IdP must sign both the SAML response and assertion.
NameID assertion format
Configure your IdP to use the following format for the
Configure an Identity Provider in VECTR
Log into VECTR as an admin
Navigate to Administration -> Access Management -> Identity Providers
Click Add Provider -> SAML2
Enter the Identity Provider's information, then click Next:
| Field | Description | Required |
| --- | --- | --- |
| Display Name | The name used to customize the login button on the login page. When set, the button will read "Log in with [Display Name]". | YES |
| Logo URL | URL of an image to use for the login button. When set, the button will display the image as a 20px by 20px square. | NO |
| Metadata URL | Your IdP's Federation Metadata URL. | YES |
Claims mapping. You can generally use the default values provided. Click Save when you are done.
If you make changes to the claims mapping, be sure that the value mapping is configured in your IdP as well.
Copy the information provided on the Configuration Info tab to your IdP. You must configure your IdP to use the values in their respective configuration locations in your IdP.
Click Close when you are done
Test the Connection
To test the integration, open a new Incognito window and go to your VECTR instance. You should see a new login method for your IdP. Click on the button and follow your IdP's authentication flow. After you have authenticated, you should see a screen requesting access to VECTR:
This is the access pending page that all SSO users will see the first time they authenticate with VECTR using your IdP. To read more about managing SSO users, see the Managing SSO Users page.