Service Provider Configuration (SSO)

Configuring a Service Provider Connector

To configure a Service Provider connector for a customer, specific information exchange is required.

Determine the customer's Identity Provider (IdP).
- Once identified, refer to the relevant section below for details.
  - AzureAD
  - ADFS
  - SAML
Log the request in Jira as a task under the Triage project.
- Add the label SSO to the ticket.

What we need from the customer:

What we provide to the customer:

WS-Federation Connector

What we need from the customer:

Federation metadata file (XML) – either the file itself or a URL where it can be downloaded.

What we provide to the customer:

Examples: Okta, Auth0, Ping, Google

What we need from the customer:

What we provide to the customer:

Assertion Certificate (PEM)
SP Entity ID (Audience URI):
urn:auth0:prod-aurora-surecloud:<connector>
Single Sign-On URL (Assertion Consumer Service URI):
https://auth.surecloud.io/login/callback?connection=<connector>&organization=<organization_id>
Single Logout URL:
https://auth.surecloud.io/logout

Note: Replace <connector> and <organization_id> with values specific to the organization, provided during setup.

The following SAML claims must be present to correctly populate user records:

IDP-Initiated SSO allows the customer to initiate login from a site other than the platform, such as their internal web page.

Enable in Auth0:

On the tenant's enterprise SAML connection, enable IdP-Initiated SSO with these settings:

Accept Request
Default application: prod-uk-auth0-single-page-application
Response Protocol: OpenID Connect
Query String (replace SUBDOMAIN with the tenant's subdomain):
scope=openid email&redirect_uri=https://SUBDOMAIN.surecloud.io/idpLogin