How to set up SSO for Vormats
The "Vormats SSO Onboarding" form that was sent to you contains the values you need (the Identifier / Entity ID and the Reply URL) to register Vormats as a SAML 2.0 service provider in your identity provider. If your identity provider is not covered below, contact support.
Azure AD (Enterprise Application)
Creating an Enterprise Application on Azure and Setting up Custom SAML Sign-On with Vormats
In this guide, we walk you through creating an enterprise application on Azure and setting up custom SAML sign-on with Vormats. It assumes that you have an Azure account with permission to create an Enterprise Application (if your company's setup is different, contact support).
Step 1: Create an Enterprise Application on Azure
- Log in to the Azure portal and navigate to the Azure Active Directory (now Microsoft Entra ID) section.
- Click on "Enterprise applications" and then click on "New application".
- Select "Non-gallery application" (in the current portal: "Create your own application", then "Integrate any other application you don't find in the gallery") and give your application a name.
- Click on "Add" to create the application.
Step 2: Configure SAML Settings on Azure
- Once your application is created, click on "Single sign-on" in the left-hand menu.
- Select "SAML" as the single sign-on method.
- In the "Basic SAML Configuration" section, enter the following values:
- Identifier (Entity ID): Fill this field with the value under "Identifier" in the "Vormats SSO Onboarding" form.
- Reply URL (Assertion Consumer Service URL): Fill this field with the value under "Reply URL" in the "Vormats SSO Onboarding" form.
- In the "User Attributes & Claims" section, make sure the following claims are present (Azure adds exactly these by default for a new SAML application, so normally nothing has to be added):
- givenname
- surname
- emailaddress
- name
- Unique User Identifier (Name ID); the default source is user.userprincipalname. Keep it on a stable attribute that is never reassigned to another person, because Vormats identifies the user by this value.
- Click on "Save" to save your SAML settings.
Step 3: Sharing the SAML Signing Certificate
Once everything is set up, share with us the "App Federation Metadata Url" shown in the "SAML Signing Certificate" section (this is the link to the Federation Metadata XML). The signing settings below are Azure's defaults; if you have not customised them, nothing needs to change here:
- Signing Option: Sign SAML assertion
- Signing Algorithm: SHA-256 (do not downgrade to SHA-1)
Also assign the users or groups who should be able to sign in under "Users and groups"; by default Azure rejects sign-ins from unassigned users.
Congratulations! You have successfully created an enterprise application on Azure and set up custom SAML sign-on with Vormats.
OpenAM
Step 1: Add the attribute mapping below to your realm:
mail = mail
cn = cn
sn = sn
givenname = givenname
Step 2: Access the IdP Metadata XML through the following URL:
http://{YOUR OPENAM SERVER}/idpam/saml2/jsp/exportmetadata.jsp?entityid=http://{YOUR ENTITY ID}&realm=/{YOUR REALM NAME}
Use https for the server part if your OpenAM deployment is served over TLS; the entityid parameter must match your hosted IdP's entity ID exactly, including its scheme.
Step 3: Set up the Vormats Service Provider in the OpenAM console.
Create an XML file called spaws.xml with the following content, replacing the placeholders with the Identifier and Reply URL from the "Vormats SSO Onboarding" form:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- {IDENTIFIER ID HERE}: the "Identifier" value from the onboarding form.
     {REPLY URL HERE}: the "Reply URL" value from the onboarding form. -->
<EntityDescriptor entityID="{IDENTIFIER ID HERE}" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <!-- WantAssertionsSigned="false" is only what this SP advertises; it does not stop the IdP
       from signing the assertion, which it should (configure that in the IdP's signing settings).
       Keep these attribute values unless Vormats support tells you otherwise. -->
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
    <!-- The IdP POSTs the SAML response to this URL; it must be the exact Reply URL. -->
    <AssertionConsumerService index="0" isDefault="false" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{REPLY URL HERE}"/>
  </SPSSODescriptor>
</EntityDescriptor>
Step 4: Upload spaws.xml
Under Realms > {Your Realm Name} > Dashboard > Configure SAMLv2 Providers, click Configure Remote Service Provider and upload the spaws.xml file you just created.
Congratulations! You have successfully set up custom SAML sign-on with Vormats.
Okta (Custom Application)
- Sign in to Okta with an admin account and click the "Admin" button in the top-right corner.
- On the admin menu choose Applications > Applications
- Click on "Create App Integration" button
- Select the "SAML 2.0" option.
- Click Create; this opens the General Settings page for the SAML app.
- Enter a name for your app.
- Upload a logo and choose the visibility settings for your app. (Optional)
- Click Next
- Use the values from the "Vormats SSO Onboarding" form to fill in the inputs:
- Single sign on URL = Reply URL
- Audience URI (SP Entity ID) = Identifier (Entity ID)
- In the "Attribute Statements" section, set the following values (you may use other profile attributes as the source for the name and email values):
- Click Next
- In the "Feedback" section:
- Select "I'm an Okta customer adding an internal app"
- Select "It's required to contact the vendor to enable SAML"
- Fill in the remaining fields as you see fit.
- Click "Finish", you'll be redirected to the application details page
- Copy the "Metadata URL" shown on the "Sign On" tab.
- Finally, add the copied URL to the Google Form and we will finalise the process.
Congratulations! You have successfully set up custom SAML sign-on with Vormats!
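Before the metadata changes hands in either direction, it is worth checking it mechanically. The script below is an added example, not part of the Vormats documentation or of any IdP's tooling: check_sp_metadata validates a filled-in spaws.xml (placeholders replaced, Reply URL over https, HTTP-POST binding), and summarize_idp_metadata reads the federation metadata your IdP publishes (Azure's App Federation Metadata Url, Okta's Metadata URL, or the OpenAM export URL) and reports the entityID, SSO endpoints and the SHA-256 fingerprint of the signing certificate. The fingerprint is what you would compare out of band with the party on the other end when the metadata was fetched over plain http, as in the OpenAM export URL. All URLs, entity IDs and the certificate bytes in the samples are constructed for this example.

```python
"""Sanity checks for SAML metadata before it is uploaded or shared.
Added example, not part of the Vormats documentation or of any IdP product.
Standard library only; the inputs at the bottom are constructed samples with
made-up URLs, entity IDs and certificate bytes."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
NS = {"md": MD, "ds": DS}


def check_sp_metadata(xml_text: str) -> list:
    """Return the problems found in an SP metadata file such as spaws.xml (empty list = ready)."""
    problems = []
    root = ET.fromstring(xml_text.encode())
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    entity_id = root.get("entityID", "")
    if not entity_id or "{" in entity_id:
        problems.append(f"entityID placeholder not replaced: {entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not acs_list:
        problems.append("no AssertionConsumerService element")
    for acs in acs_list:
        loc = acs.get("Location", "")
        if not loc or "{" in loc:
            problems.append(f"ACS Location placeholder not replaced: {loc!r}")
        elif urlparse(loc).scheme != "https":
            # The IdP POSTs the assertion to this URL; anything but https exposes it in transit.
            problems.append(f"ACS Location is not https: {loc!r}")
        if acs.get("Binding") != HTTP_POST:
            problems.append(f"ACS Binding is not HTTP-POST: {acs.get('Binding')!r}")
    return problems


def summarize_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO endpoints and signing-certificate fingerprints from IdP metadata.
    Raises ValueError when there is no usable signing certificate, the first thing to verify."""
    root = ET.fromstring(xml_text.encode())
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a missing 'use' means signing and encryption
            continue
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
        der = base64.b64decode("".join(b64.split()))
        if not der or der[0] != 0x30:  # a DER X.509 certificate starts with a SEQUENCE tag
            raise ValueError("X509Certificate is not DER-encoded")
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("metadata carries no signing certificate")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    return {
        "entity_id": root.get("entityID"),
        "sso_redirect": sso.get(HTTP_REDIRECT),
        "sso_post": sso.get(HTTP_POST),
        "name_id_formats": [n.text for n in idp.findall("md:NameIDFormat", NS)],
        "signing_fingerprints_sha256": fingerprints,
    }


# Constructed SP metadata: spaws.xml with the placeholders filled in (made-up URLs).
SAMPLE_SP = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="https://sp.example.test/saml" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="0" isDefault="false"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""
# The same file with the placeholders left in, which the check must catch.
SAMPLE_SP_UNFILLED = (SAMPLE_SP.replace("https://sp.example.test/saml/acs", "{REPLY URL HERE}")
                      .replace('entityID="https://sp.example.test/saml"', 'entityID="{IDENTIFIER ID HERE}"'))

# Constructed certificate bytes: a DER SEQUENCE header plus filler, NOT a real certificate.
FAKE_DER = bytes([0x30, 0x82, 0x00, 0x2e]) + b"constructed placeholder, not a real X.509 cert"
SAMPLE_FINGERPRINT = hashlib.sha256(FAKE_DER).hexdigest()
# Constructed IdP metadata in the shape Azure AD, Okta and OpenAM publish (made-up URLs).
SAMPLE_IDP = f"""<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="https://idp.example.test/saml2" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="{HTTP_REDIRECT}" Location="https://idp.example.test/saml2/sso"/>
    <SingleSignOnService Binding="{HTTP_POST}" Location="https://idp.example.test/saml2/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":  # run stand-alone to see both checks on the constructed samples
    print(check_sp_metadata(SAMPLE_SP_UNFILLED), summarize_idp_metadata(SAMPLE_IDP), sep="\n")
```

To use it on real files, pass the contents of your spaws.xml to check_sp_metadata and the body fetched from the metadata URL to summarize_idp_metadata. The fingerprint check deliberately stops at "is this a DER certificate and which one is it"; validity dates and the subject are best read with your usual X.509 tooling, and the value to compare with the other side is the SHA-256 hex string, not the URL.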
Updated on: 21/05/2024
Thank you!