Generic SSO Parameters
About this document
This document describes the generic SAFE SSO implementation and the parameters that customers can use to configure their SSO integrations. It supplements SAFE's documented SSO integrations and provides the information needed to configure any SAML 2.0 based SSO integration.
Introduction
Single Sign-On (SSO) enables organizations to use a SAML 2.0 authentication provider to authenticate logins to SAFE. A SAFE Admin can onboard and manage users directly from any SAML 2.0 enabled SSO platform, eliminating the need to maintain a separate user authentication mechanism for SAFE.
Generic SSO Process
Configuring SSO for the SAFE platform follows these generic steps:
- Configure your identity provider using either the SSO parameters in this document or one of SAFE's published SSO guides.
- Submit your XML metadata file and SSO-applicable email domain to the SAFE Service Desk.
- On receipt of your XML metadata file and SSO-applicable email domain, SAFE will configure your SSO details and respond to confirm that configuration has been completed for SAFE.
- Test that SSO works correctly.
SAFE Specific SSO Parameters
To configure SAFE SSO you will need the following SSO parameters:
Entity ID and ACS URL / Reply URL
The Entity ID and Reply URL vary based on the URL that you use to access the SAFE One platform.
- For us.safeone.ai:
  - Entity ID: urn:amazon:cognito:sp:us-east-1_gi48DCFhl
  - Reply URL: https://safe-auth-app-us.safeone.ai/saml2/idpresponse
  - Reply URL Validator: ^https:\/\/safe-auth-app-us\.safeone\.ai\/saml2\/idpresponse$
- For eu.safeone.ai:
  - Entity ID: urn:amazon:cognito:sp:eu-central-1_ZttJhybLG
  - Reply URL: https://safe-auth-app-eu.safeone.ai/saml2/idpresponse
  - Reply URL Validator: ^https:\/\/safe-auth-app-eu\.safeone\.ai\/saml2\/idpresponse$
- For ap.safeone.ai:
  - Entity ID: urn:amazon:cognito:sp:ap-south-1_7CQBtMlDY
  - Reply URL: https://safe-auth-app-ap.safeone.ai/saml2/idpresponse
  - Reply URL Validator: ^https:\/\/safe-auth-app-ap\.safeone\.ai\/saml2\/idpresponse$
- For au.safeone.ai:
  - Entity ID: urn:amazon:cognito:sp:ap-southeast-2_mcBz0q4PQ
  - Reply URL: https://safe-auth-app-au.safeone.ai/saml2/idpresponse
  - Reply URL Validator: ^https:\/\/safe-auth-app-au\.safeone\.ai\/saml2\/idpresponse$
Name ID Format
You must specify the Name ID Format as Email.
Email Attribute Mapping
Use the following as your Email Attribute Mapping:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Additional Attribute Mapping
These are optional. The following attributes are synced automatically to SAFE only if they are available:
First Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
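To confirm that an identity provider is emitting the parameters above before relying on a live login, the following added example (not SAFE's own code) checks a decoded SAML response against the Entity ID, Reply URL Validator, Name ID Format and email attribute mapping listed on this page. It assumes you already have the XML of a response from a test login at your own identity provider; `check_response` and the sample are hypothetical names and constructed data, and the check covers configuration only, not signature verification.

```python
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # SAML URI for "Email"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Entity IDs copied from this page, keyed by the region prefix of the SAFE URL.
ENTITY_IDS = {
    "us": "urn:amazon:cognito:sp:us-east-1_gi48DCFhl",
    "eu": "urn:amazon:cognito:sp:eu-central-1_ZttJhybLG",
    "ap": "urn:amazon:cognito:sp:ap-south-1_7CQBtMlDY",
    "au": "urn:amazon:cognito:sp:ap-southeast-2_mcBz0q4PQ",
}

def check_response(xml_text, region):
    """Return the mismatches between a decoded SAML response and this page's parameters."""
    # Reply URL Validator for the region, following the pattern listed on this page.
    validator = rf"^https:\/\/safe-auth-app-{region}\.safeone\.ai\/saml2\/idpresponse$"
    root = ET.fromstring(xml_text)
    problems = []
    if not re.fullmatch(validator, root.get("Destination", "")):
        problems.append("Destination does not match the Reply URL Validator")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if ENTITY_IDS[region] not in audiences:
        problems.append("Audience is not the Entity ID for this region")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not Email")
    if EMAIL_CLAIM not in {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}:
        problems.append("Email attribute mapping is missing")
    return problems

# Constructed, unsigned sample for eu.safeone.ai; user@example.com is a placeholder.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    Destination="https://safe-auth-app-eu.safeone.ai/saml2/idpresponse">
  <a:Assertion>
    <a:Subject><a:NameID Format="{EMAIL_FORMAT}">user@example.com</a:NameID></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>{ENTITY_IDS['eu']}</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement><a:Attribute Name="{EMAIL_CLAIM}">
      <a:AttributeValue>user@example.com</a:AttributeValue>
    </a:Attribute></a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "eu"))  # correct configuration
    print(check_response(SAMPLE, "us"))  # response built for a different region
```

An empty list means the response matches the parameters for that region; each string names one setting to correct at the identity provider.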
FAQ
Does SAFE support IDP initiated SSO?
SAFE's SSO utilises AWS Cognito. At this time, AWS Cognito does not support IDP initiated SSO.