
How to set up SSO for Vormats

At the moment, SSO can only be set up with the help of one of our representatives. To start the process, send an email to support@vormats.com.

In the "Vormats SSO Onboarding" form that was sent to you, you will find all the information needed to set up the SAML Signing Certificate for your identity provider (if your identity provider is not mentioned below, contact support).

Azure AD (Enterprise Application)



Creating an Enterprise Application on Azure and Setting up Custom SAML Sign-On with Vormats



In this guide, we will walk you through the process of creating an enterprise application on Azure and setting up custom SAML sign-on with Cognito. This guide assumes that you have an Azure account and permissions to create an Enterprise Application (if your company's setup is different, contact support).

Step 1: Create an Enterprise Application on Azure



Log in to your Azure account and navigate to the Azure Active Directory section.

Click on "Enterprise applications" and then click on "New application".

Select "Non-gallery application" and give your application a name.

Click on "Add" to create the application.

Step 2: Configure SAML Settings on Azure



Once your application is created, click on "Single sign-on" in the left-hand menu.

Select "SAML" as the single sign-on method.

In the "Basic SAML Configuration" section, enter the following values:
Identifier (Entity ID): Fill this field with the value under "Identifier" in the "Vormats SSO Onboarding" form.
Reply URL (Assertion Consumer Service URL): Fill this field with the value under "Reply URL" in the "Vormats SSO Onboarding" form.

In the "User Attributes & Claims" section, add the following attributes:
givenname
surname
emailaddress
name
Unique User Identifier

Click on "Save" to save your SAML settings.

Step 3: Sharing the SAML Signing Certificate



Once you’ve set everything up, you can share the Federation Metadata XML file link with us, using the following settings (these are the default settings; if you don’t have custom settings, you can ignore this step):
Signing Option: Sign SAML Assertion
Signing Algorithm: SHA-256

Congratulations! You have successfully created an enterprise application on Azure and set up custom SAML sign-on with Vormats.

Please add the email domains and Federation Metadata XML file link you'll be using in the "Vormats SSO Onboarding" form.

OpenAM



Step 1: Add the below attribute mapping to your realm:



mail = mail
cn = cn
sn = sn
givenname = givenname


Step 2: Access the IdP Metadata XML through the following URL:



http://{YOUR OPENAM SERVER}/idpam/saml2/jsp/exportmetadata.jsp?entityid=http://{YOUR ENTITY ID}&realm=/{YOUR REALM NAME}

Example:
http://openam.example.com:8080/idpam/saml2/jsp/exportmetadata.jsp?entityid=http://openam.example.com:8080/idpam&realm=/AWS

Step 3: Set up the Vormats Service Provider in the OpenAM console.



Create an XML file called spaws.xml with the following content, and replace the placeholders with the information from the “General” section at the top of this document:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="{IDENTIFIER ID HERE}" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
   <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
       <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
       <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
       <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
       <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
       <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
       <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
       <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
       <AssertionConsumerService index="0" isDefault="false" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{REPLY URL HERE}"/>
   </SPSSODescriptor>
</EntityDescriptor>


Step 4: Upload spaws.xml



Under Realms > {Your Realm Name} > Dashboard > Configure SAMLv2 Providers, click Configure Remote Service Provider and upload the spaws.xml file you just created.

Congratulations! You have successfully set up custom SAML sign-on with Vormats.

Please add the email domains and Federation Metadata XML file link you'll be using in the "Vormats SSO Onboarding" form.
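
Before adding the metadata link to the form, it helps to check what the metadata contains, especially when it is served over plain http:// as in the OpenAM example URL above. The following Python example is added here and is not part of Vormats' or your identity provider's tooling: it lists the SHA-256 fingerprint of each signing certificate, so you can compare it with the certificate shown in your identity provider's console, and flags non-HTTPS URLs. The function name review_idp_metadata, the sample metadata, the certificate bytes and the SingleSignOnService path are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def review_idp_metadata(xml_text, source_url=""):
    """Return (entity_id, SHA-256 fingerprints of signing certs, findings)."""
    root = ET.fromstring(xml_text)
    fingerprints, findings = [], []
    if source_url.lower().startswith("http://"):
        findings.append("metadata URL is plain HTTP; confirm fingerprints out-of-band")
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
            # A KeyDescriptor without "use" applies to signing and encryption.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                # Metadata often wraps the base64 body across lines.
                der = base64.b64decode("".join((cert.text or "").split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
        for sso in idp.findall(f"{{{MD}}}SingleSignOnService"):
            location = sso.get("Location", "")
            if not location.lower().startswith("https://"):
                findings.append(f"SSO endpoint is not HTTPS: {location}")
    if not fingerprints:
        findings.append("no signing certificate found in metadata")
    return root.get("entityID"), fingerprints, findings

# Constructed sample: placeholder bytes stand in for the DER certificate, and the
# SingleSignOnService path is invented; host and entity ID reuse the page's example.
SAMPLE_CERT = b"constructed placeholder, not a real certificate"
SAMPLE_URL = ("http://openam.example.com:8080/idpam/saml2/jsp/exportmetadata.jsp"
              "?entityid=http://openam.example.com:8080/idpam&realm=/AWS")
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}"
    entityID="http://openam.example.com:8080/idpam">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="http://openam.example.com:8080/idpam/sso-example"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    entity_id, fingerprints, findings = review_idp_metadata(SAMPLE_METADATA, SAMPLE_URL)
    print(entity_id, fingerprints, *findings, sep="\n")
```

To check your own file, pass its contents as xml_text and the URL you intend to put in the form as source_url.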

Updated on: 12/04/2023
