website logo
⌘K
Getting Started
Introduction
Basic Concepts
Opening an Account
Creating & Configuring Products
Integrating SDK and Configuring License Fulfillment
Activate a Key-Based License
Vendor Platform
Issuing New Licenses
License Detail View
Order Detail View
Customer Detail View
Metadata
Analytics
Settings
Product Configuration
Product Features
Product Custom Fields
Product Versioning
License Policies
Product Bundles
License Entitlements
License Types
Activations & Device Transfers
Features
Custom Fields
License Start Date
License Note
Maintenance Period
Trial Licenses
Floating Licenses
License Activation Types
Portals
End-User Portal
Offline Portal
Air-Gapped Portal
License API
License API Authorization
License Activation/Deactivation
License Check
Consumption
Floating
Trial Key
Product Details
Device Variables
Changing Password
Management API
Making API Requests
Management API Authorization
Customer
Product
Order
License
Device
Analytics
SDKs
Tutorials
.NET/C# SDK
.NET/C# Management SDK
C++ SDK
Java SDK
Python SDK
Go SDK
Delphi SDK
Swift/Objective-C SDK
Android SDK
Unity SDK
Errors and Response Codes
Floating Server
API Reference
Deployment
Configuration
Floating Server UI
Securing the Server
Whitelabeling
FAQ
Floating Server Changelog
Integrations
Salesforce
FastSpring
Stripe
Shopify
Common Scenarios
Single Sign On (SSO)
Glossary
General
SDK Glossary
Vendor Platform
Product Configuration Glossary
License Configuration
Postman Collections
Frequently Asked Questions
Changelog
License API changelog
Platform changelog
Docs powered by
Archbee
Common Scenarios

Single Sign On (SSO)

16min

Enabling Third-Party Sign-In Integration

Incorporating third-party identity providers (IdPs) for user sign-in is an option within your application. The current support includes social sign-ins via Google and SAML IdPs like Azure Active Directory.

Integrating Social Identity Providers

Before setting up a social IdP, it's necessary to register your application with the respective IdP to acquire a client ID and client secret.

Google

  1. Create a developer account with Google if you haven't already.
  2. Access the OAuth consent screen page.
  3. Opt for the external User Type and proceed to create it.
  4. Provide app information, app domain (optional), and developer contact details.
  5. Save and move forward.
  6. Configure Scopes:
    • Include Scopes like .../auth/userinfo.email, .../auth/userinfo.profile, openid.
  7. Update settings and save.
  8. Continue to Test users settings and save.
  9. Navigate to the Credentials page.
  10. Create credentials > OAuth client ID.
  11. Select web application type, name your OAuth 2.0 client.
  12. Add URIs to authorized JavaScript origins and authorized redirect URIs.
  13. Create and note down your Client ID and your Client Secret.

Incorporating SAML Identity Providers

To enable SAML IdP sign-in for your app users:

  1. Follow your SAML identity provider's instructions to add a relying party or application for your SAML 2.0 IdP.
  2. Configure the assertion consumer endpoint in your SAML identity provider to:
    • https://{_domain_name_}.auth.{_region_}.amazoncognito.com/saml2/idpresponse
  3. Some SAML IdPs might require the SP urn / Audience URI / SP Entity ID:
    • Use urn:amazon:cognito:sp:{
  4. Configure your SAML IdP to provide an email value (claim) in the SAML assertion.
  5. Support SAML 2.0 federation with post-binding endpoints. This ensures direct receipt of SAML responses via a user agent, eliminating the need for retrieval and parsing.

Provide a SAML Provider Name and the metadata document from your SAML IdP.

Azure Active Directory

  1. Access Azure Portal and choose Azure Active Directory.
  2. Add an enterprise application.
  3. Create your own application, input name, and select non-gallery option.
  4. Opt for single sign-on > SAML.
  5. Edit Basic SAML Configuration:
    • Set Identifier as urn:amazon:cognito:sp:{_user_pool_id_}
    • Configure Reply URL as https://{_domain_name_}.auth.{_region_}.amazoncognito.com/saml2/idpresponse
  6. Save and close the settings.
  7. Download Federation Metadata XML.
  8. Provide us with your provider's name and the downloaded metadata.

Error: A common Azure DB provider SSO error is shown in the screenshot below:

Azure DB Common Error.
User not assigned to a role for application.


To resolve this error, follow these steps:

  1. In the Azure Active Directory Admin Center, select your app and then search for and select the application to which you want to assign the user account.
  2. In the left pane select Users and Groups and then select Add User/Group.
Assign Users/Groups
Assign Users/Groups

Select Add User/Group
Select Add User/Group


3. On the Add Assignment pane, select None Selected under Users and Groups 4. Search for and select the user that you want to assign to the application, select Select 5. On the Add Assignment, select Assign at the bottom of the pane 6. When all steps are completed, user can normally sign in to account using SSO

Final step to assign user to application
Final step to assign user to application


Auth0

Create an Auth0 Application

  1. Access the Auth0 website dashboard.
  2. Click on Applications, then select Create Application.
  3. In the Create Application dialog box, provide a name for your application (e.g., My App).
  4. Choose Single Page Web Applications as the application type.
  5. Click the Create button.

Create a Test User

  1. Navigate to the left navigation bar and select User Management.
  2. Click on Users.
  3. Choose + Create Your First User. Alternatively, if this is not your initial user, select + Create User.
  4. Within the Create user dialog box, input the user's email and password.
  5. Click the Save button.

Configure SAML Settings

  1. Access the left navigation bar and click on Applications.
  2. Select the name of the application you previously created.
  3. Go to the Addons tab.
  4. Activate the SAML2 Web App option.
  5. Within the Addon: SAML2 Web App dialog box, navigate to the Settings tab.
  6. For the Application Callback URL, input https://_domain_name_.auth._region_.amazoncognito.com/saml2/idpresponse
    • Please substitute domain_name and region with the appropriate values from your Single Sign-On (SSO) settings.
  7. Under Settings, input the following:
    • { "audience": "urn:amazon:cognito:sp:_user_pool_id_", "mappings": { "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" }, "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" }
    • Replace _user_pool_id_ with the value from your SSO settings.
  8. (Optional) Choose Debug, then log in as the test user you created to confirm that the configuration works.
  9. Choose Enable, and then choose Save.

Get the IdP Metadata

  1. In the Addon: SAML2 Web App dialog box, on the Usage tab, find Identity Provider Metadata. Then do either of the following:
  2. Choose download to download the .xml metadata file.

Okta

Create a SAML App

  1. Open the Okta Developer Console.
  2. In the navigation menu, expand Applications, and then choose Applications.
  3. Choose Create App Integration.
  4. In the Create a new app integration menu, choose SAML 2.0 as the Sign-in method.
  5. Choose Next.

Configure SAML Integration

  1. On the Create SAML Integration page, under General Settings, enter a name for your app.
  2. Choose Next.
  3. Under GENERAL, for Single sign on URL, enter https://_domain_name_.auth._region_.amazoncognito.com/saml2/idpresponse
    • Replace _domain_name_ and _region_ with the values from your SSO settings.
  4. For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:_user_pool_id_
    • Replace _user_pool_id_ with the value from your SSO settings.
  5. Under ATTRIBUTE STATEMENTS (OPTIONAL), add a statement with the following information:
    • For Name, enter the SAML attribute name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    • For Value, enter user.email.
  6. For all other settings on the page, leave them as their default values or set them according to your preferences.
  7. Choose Next.
  8. Choose a feedback response for Okta Support.
  9. Choose Finish.

Assign a User

  1. On the Assignments tab for your Okta app, for Assign, choose Assign to People.
  2. Choose Assign next to the user that you want to assign. Note: If this is a new account, the only option available is to choose yourself (the admin) as the user.
  3. (Optional) For User Name, enter a user name, or leave it as the user's email address, if you want.
  4. Choose Save and Go Back. Your user is assigned.
  5. Choose Done.

Get the IdP Metadata

  1. On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink.
  2. Right-click the hyperlink, and then copy the URL.
    • If not found then click View SAML setup instructions and save the value from Provide the following IDP metadata to your SP provider into an xml file.



Updated 15 Sep 2023
Did this page help you?
PREVIOUS
Shopify
NEXT
Implementing Single Sign-On (SSO)
Docs powered by
Archbee
TABLE OF CONTENTS
Enabling Third-Party Sign-In Integration
Integrating Social Identity Providers
Google
Incorporating SAML Identity Providers
Azure Active Directory
Auth0
Okta
Docs powered by
Archbee