S.A.M.L

Security Assertion Markup Language (SAML) is a standard for logging members into applications based on their sessions in another context. It allows members to log into multiple applications with one set of credentials. This single sign-on (SSO) login standard has significant advantages over logging in using a username/password:

  • No need to type in credentials
  • No need to remember and update passwords
  • No weak passwords

Most organizations already know the identity of members because they are logged into their Active Directory domain or intranet. It makes sense to use this information to log members into Officevibe.

SAML is powerful and flexible, but the specification can be quite a handful. Our Engineering team will assist with the configuration.

 

Configuration Requirements

You will have to create an application in the IDP (Identity Provider) with our SP (Service Provider) configuration to offer SAML authentication to your members.

You must then use the SAML ID we provide to replace all instances of {ProvidedSamlId} in the URLs below when entering them into your IDP configuration.

Authentication requests must be signed with the SHA-256 algorithm. We do not support SHA-1 since it is too vulnerable to attacks.

Once this is done, please fill out this request form to get in touch with our Support team to provide them with your metadata. They will then give you a unique SAML ID you need to use in your configuration.

 

Our SP configurations:

entityID="https://app.officevibe.com" or "https://sandbox.officevibe.com"
 

 

Audience

  • Production: https://officevibe.fusionauth.io/samlv2/sp/{ProvidedSamlId}
  • Sandbox: https://officevibe.fusionauth.io/samlv2/sp/{ProvidedSamlId}

Recipient

  • Production: https://officevibe.fusionauth.io/samlv2/acs/{ProvidedSamlId}/a81bf20c-31f3-4a81-8977-b67df4c9d35b
  • Sandbox: https://officevibe.fusionauth.io/samlv2/acs/{ProvidedSamlId}/a81bf20c-31f3-4a81-8977-b67df4c9d35b

ACS (Consumer) URL Validator

  • Production: ^https:\/\/officevibe.fusionauth.io\/auth\/samlv2\/acs\/{ProvidedSamlId}/a81bf20c-31f3-4a81-8977-b67df4c9d35b?scope=offline_access$
  • Sandbox: ^https:\/\/officevibe.fusionauth.io\/auth\/samlv2\/acs\/{ProvidedSamlId}/b3dd9e37-d57a-408c-81a5-f13c5652d134?scope=offline_access$

ACS (Consumer) URL

  • Production: https://officevibe.fusionauth.io/samlv2/acs/{ProvidedSamlId}/a81bf20c-31f3-4a81-8977-b67df4c9d35b?scope=offline_access
  • Sandbox: https://officevibe.fusionauth.io/samlv2/acs/{ProvidedSamlId}/b3dd9e37-d57a-408c-81a5-f13c5652d134?scope=offline_access
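A pre-flight check an IdP administrator could run on a decoded SAML response captured from their own IdP, comparing it with the SHA-256 signing requirement and the Production Audience and Recipient values above. This is an added example, not Officevibe's code. It assumes the SHA-256 requirement applies to the signature the IdP places on the response or assertion; `EXAMPLE-SAML-ID`, `preflight` and `sample` are hypothetical names, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# XML-DSig URIs for SHA-256 based signatures and digests.
SHA256_SIG = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
              "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"
SAML_ID = "EXAMPLE-SAML-ID"  # constructed placeholder for {ProvidedSamlId}
AUDIENCE = f"https://officevibe.fusionauth.io/samlv2/sp/{SAML_ID}"
RECIPIENT = ("https://officevibe.fusionauth.io/samlv2/acs/"
             f"{SAML_ID}/a81bf20c-31f3-4a81-8977-b67df4c9d35b")

def preflight(response_xml, audience=AUDIENCE, recipient=RECIPIENT):
    """List mismatches in a response; reads declared values, verifies no signature."""
    root = ET.fromstring(response_xml)
    problems = []
    sigs = root.findall(".//ds:Signature", NS)
    if not sigs:
        problems.append("unsigned: no ds:Signature element")
    for sig in sigs:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        if alg not in SHA256_SIG:
            problems.append(f"signature algorithm not SHA-256: {alg}")
        for dm in sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS):
            if dm.get("Algorithm") != SHA256_DIGEST:
                problems.append(f"digest not SHA-256: {dm.get('Algorithm')}")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience mismatch: {audiences}")
    recipients = [d.get("Recipient")
                  for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if recipient not in recipients:
        problems.append(f"Recipient mismatch: {recipients}")
    return problems

def sample(sig_alg, digest_alg, audience=AUDIENCE):
    """Constructed, skeletal response (no real signature value) for the demo."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"><saml:Assertion>
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>
 <ds:Reference><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
 </ds:SignedInfo></ds:Signature>
 <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
 Recipient="{RECIPIENT}"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
```

An empty list from `preflight` means the declared algorithms, Audience and Recipient match; it says nothing about whether the signature itself verifies.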

 

Parameters

You need to have the following fields:

[Image: EN_SAML_Test_Connector__IdP_.jpg]

 

Limitations

  • We only support SAML 2.0
  • We only support the IDP Initiated flow (there is no user-friendly URL to authenticate users)
  • There is no Single Log Out (a user logging out of Officevibe will not be logged out of the system doing the SAML authentication)
  • Authentication requests must be signed with the SHA-256 algorithm.

Notice

If your organization wants to authenticate with High GCC O365, this is only available with SAML. Don't hesitate to contact our Technical Support Team to configure SAML for your Officevibe application.

Cost

SAML is available to customers on Officevibe's Pro Plan at no additional cost.

 
