Integrate with a SAML Identity Provider

This guide serves as a reference for configuring SSO with an Identity Provider (IdP) using the SAML2 protocol.

Steps

To integrate VECTR with your SAML IdP, you must:

  1. Configure user claims with your IdP
  2. Configure SAML signing certificate with your IdP
  3. Configure your IdP in VECTR
  4. Enter VECTR's callback URL and other pertinent information into your IdP

Prerequisites

Note

The process of configuring varies depending on the IdP, so you will need to follow your IdP's documentation to complete the steps listed in this section.

Configure Your IdP

You will need to configure the following with your IdP in order to integrate VECTR:

1. Configure user claims

This step is usually not needed. However, if your IdP does not provide the following claims by default, you will need to configure it to provide the claims that VECTR expects. The following claims are required:

| Claim name | Expected Default Value |
| --- | --- |
| Username | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| Display Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |

2. Configure SAML signing certificate

Your IdP must sign both the SAML response and assertion.

3. Configure NameID assertion format

Configure your IdP to use the following format for the NameID assertion:

urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
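A pre-flight check for the three IdP requirements above, as an added example that is not part of VECTR or its documentation: it inspects a decoded SAML response captured from your own test login and reports what is missing. The names `check_response` and `SAMPLE` are hypothetical, the sample XML is constructed, and the assertion is assumed to be unencrypted. The check is structural only and does not validate the signatures cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = {"Username": CLAIMS + "emailaddress", "Display Name": CLAIMS + "name"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample (not real IdP output): signature body elided, assertion unsigned,
# NameID in emailAddress format, Display Name claim missing.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/>
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">u@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return a list of problems; an empty list means the structure matches."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    # SAML signatures are enveloped: ds:Signature is a direct child of the element it covers.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion = assertions[0]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    sent = {a.get("Name") for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for label, uri in REQUIRED_CLAIMS.items():
        if uri not in sent:
            problems.append("missing %s claim: %s" % (label, uri))
    return problems

if __name__ == "__main__":
    for problem in check_response(SAMPLE):
        print("FAIL:", problem)
```
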

Configure an Identity Provider in VECTR

  1. Log into VECTR as an admin

  2. Navigate to Administration -> Access Management -> Identity Providers

  3. Click Add Provider -> SAML2 SAML SSO

  4. Enter the Identity Provider's information, then click Next:

    | Field | Description | Required |
    | --- | --- | --- |
    | Display Name | The name used to customize the login button on the login page. When set, the button will read "Log in with [Display Name]". | YES |
    | Metadata | Your IdP's Federation Metadata. Upload the metadata XML file or provide a URL to the metadata. | YES |
    | Logo URL | URL of an image to use for the login button. When set, the button will display the image as a 20px by 20px square. | NO |

    Attention

    If you provided a URL to your IdP's Federation Metadata, it must be accessible from VECTR.

  5. Claims mapping. You can generally use the default values provided. See the Configure Your IdP section above for more info. Click Save when you are done.

    Attention

    If you make changes to the claims mapping, be sure that the value mapping is configured in your IdP as well.

  6. Copy the information provided on the Configuration Info tab to your IdP. You must configure your IdP to use the values in their respective configuration locations in your IdP.

  7. Click Close when you are done

Test the Connection

To test the integration, open a new Incognito window and go to your VECTR instance. You should see a new login method for your IdP. Click on the button and follow your IdP's authentication flow. After you have authenticated, you should see a screen requesting access to VECTR:

VECTR Auth Request

This is the access pending page that all SSO users will see the first time they authenticate with VECTR using your IdP. To read more about managing SSO users, see the Managing SSO Users page.