Integrate with a SAML Identity Provider¶
This guide serves as a reference for configuring SSO with an Identity Provider (IdP) using the SAML2 protocol.
To integrate VECTR with your SAML IdP, you must:
- Configure user claims with your IdP
- Configure SAML signing certificate with your IdP
- Configure your IdP in VECTR
- Enter VECTR's callback URL and other pertinent information into your IdP
The process of configuring varies depending on the IdP, so you will need to follow your IdP's documentation to complete the steps listed in this section.
Configure Your IdP¶
You will need to configure the following with your IdP in order to integrate VECTR:
1. Configure user claims¶
This step is usually not needed, however, if your IdP does not provide the following claims, you will need to configure it to provide the claims that VECTR is expecting. The following claims are required:
|Claim name||Expected Default Value|
2. Configure SAML signing certificate¶
Your IdP must sign both the SAML response and assertion.
NameID assertion format¶
Configure your IdP use the following format for the
Configure an Identity Provider in VECTR¶
Log into VECTR as an admin
Navigate to Administration -> Access Management -> Identity Providers
Click Add Provider -> SAML2
Enter the Identity Provider's information, then click Next:
Field Description Required Display Name The name used to customize the login button on the login page. When set, the button will read "Log in with [Display Name]". YES Metadata Your IdP's Federation Metadata. Upload the metdata XML file or provide a URL to the metadata. YES Logo URL URL of an image to use to for the login button. When set, the button will display the image as a 20px by 20px square. NO
If you provided a URL to your IdP's Federation Metadata, it must be accessible from VECTR.
Claims mapping. You can generally use the default values provided. See Configure Your IdP section above for more info. Click Save when you are done.
If you make changes to the claims mapping, be sure that the value mapping is configured in your IdP as well.
Copy the information provided on the Configuration Info tab to your IdP. You must configure your IdP to use the values in their respective configuration locations in your IdP.
Click Close when you are done
Test the Connection¶
To test the integration, open a new Incognito window and go to your VECTR instance. You should see a new login method for your IdP. Click on the button and follow the your IdP's authentication flow. After you have authenticated, you should see a screen requesting access to VECTR:
This is the access pending page that all SSO users will see the first time they authenticate with VECTR using your IdP. To read more about managing SSO users, see the Managing SSO Users page.