Prerequisites
- Your Vizzlo account must be on the "Enterprise" plan.
- You must be an administrator of your Vizzlo account.
- You must be able to access your Identity Provider (IdP) configuration.
Vizzlo SAML settings
- Entity ID:
https://vizzlo.com
- ACS URL:
https://vizzlo.com/sso/saml2
Limitations
- Vizzlo currently does not support SP initiated SSO
- Vizzlo does not support Single Logout (SLO)
Configuration Steps
-
Provide the following SAML configuration details for the Vizzlo integration in your identity provider's (IdP) admin console. Usually, these settings are available under "SAML" or "Single Sign-On" settings, when adding a new "application" or "service provider":
- Entity ID (sometimes called the "Audience"):
https://vizzlo.com
- Assertion Consumer Service (ACS) URL (or "Recipient"):
https://vizzlo.com/sso/saml2
- Set the "initiator" to be your identity provider (IdP), if possible
- Set the SAML
NameID
format to a "persistent identifier", if possible
- Entity ID (sometimes called the "Audience"):
-
Your identity provider will now generate a certificate and a set of custom URLs for you to use:
- An Entity ID (sometimes called "issuer URL"),
- A SAML endpoint URL (or "consumer URL" or "single sign-on URL"),
- A X.509 certificate (or "public key" or "PEM").
Paste all these things into the respective fields of the organization settings in Vizzlo:
2.1. Access your organization Settings in Vizzlo's dashboard
2.2. Go to Single sign-on options -
Configure the assertion attributes. Sometimes these settings are called "custom fields" or "parameters". The goal is to configure the IdP to send the following attributes in the SAML assertion as part of the login process:
displayName
: This attribute should contain the full name of the user.email
: This attribute must contain a valid email address associated with the user.- (optional)
uid
: If it's not possible to configure the NameID to provide a unique, persistent identifier, you can set up this attribute instead. It should contain a unique identifier for the user which does not change, if the user ever changes their email address or name.
Note: If you encounter any issues during the setup or testing process, please reach out to our support team for assistance.
Comments
0 comments
Please sign in to leave a comment.