Note: Rev also provides Single Sign On (SSO) with user provisioning so that user accounts may be created upon log-in without the need for an LDAP connector deployment. See: Configure Single Sign On (SSO) with User Provisioning Enabled. User provisioning must be enabled on the root account by Vbrick Support Services before this feature may be used.

Field Name | Required | Description |
---|---|---|
Enable Single Sign On | Yes | Select to enable SSO in Rev. |
Identity Provider Metadata | Yes | Paste your Identity Provider server’s metadata XML code in this field. You will need to obtain the Identity Provider metadata (XML) from your Identity Provider server. |
SAML Identity Location | | Choose either the NameIdentifier Element or Attribute Element, depending upon which element in the SAML Authentication Response will have the username. Note that if you select Attribute Element (default), you must provide the Identity Attribute Element Name or Rev will not authenticate. |
Identity Attribute Element Name | Yes | If Attribute Element is selected as the SAML Identity Location, this field must be completed or SSO will not work. The Identity Attribute Element Name is the field in the SAML Authentication Response (XML) that will contain the username. For example, in the code below, Name is specified as SFDC_USERNAME. This is what would be pasted in the Identity Attribute Element Name field in Rev, as seen in the image above. `<saml:AttributeStatement> <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"> user101@salesforce.com </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement>` |
Signature Algorithm | Yes | Options to be used for signing. Select either SHA1withRSA or SHA256withRSA. |
Sign SAML Request | | Only enabled when the URL of the redirect exceeds 2048 characters, which may occasionally cause issues with Internet Explorer or IIS/ADFS. Be aware that checking and un-checking this box will require the service provider metadata to be re-downloaded to get the latest version again once saved. Contact Vbrick Support Services for assistance with this option. |
Download Service Provider MetaData | | This is the Rev Service Provider XML metadata that is provided to the Identity Provider server. It should be downloaded and used with the IDP server, similar to how the IDP’s metadata XML is pasted in the Identity Provider Metadata field above. |
Regenerate Cert | | This will regenerate the Service Provider’s certificate and metadata. If you decide to do this, keep in mind you will need to download the Service Provider MetaData again for re-insertion into the IDP server. |
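
To check which value to enter for SAML Identity Location and Identity Attribute Element Name, the following added example (not Vbrick code) reads a captured SAML Authentication Response and returns the username from either element. The sample response and the function names are constructed for illustration, and matching on `Name` rather than `FriendlyName` is an assumption based on the table's SFDC_USERNAME example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample response modelled on the fragment in the table.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>constructed-subject-id</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue> user101@salesforce.com </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def attribute_names(response_xml):
    """List the Name of every attribute the IdP sent (candidates for the Rev field)."""
    root = ET.fromstring(response_xml)
    return [a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)]


def extract_username(response_xml, location, attribute_name=None):
    """Troubleshooting aid: reads the username, does not verify any signature."""
    root = ET.fromstring(response_xml)
    if location == "NameIdentifier":
        node = root.find(".//saml:Subject/saml:NameID", NS)
    elif location == "Attribute":
        if not attribute_name:  # mirrors the table: this field must be completed
            raise ValueError("Attribute Element needs an Identity Attribute Element Name")
        # Assumption: lookup is by the Name attribute, not FriendlyName.
        node = next((a.find("saml:AttributeValue", NS)
                     for a in root.iterfind(".//saml:Attribute", NS)
                     if a.get("Name") == attribute_name), None)
    else:
        raise ValueError(f"unknown location: {location}")
    if node is None or not (node.text or "").strip():
        raise LookupError(f"no username found via {location}")
    return node.text.strip()
```

Run `attribute_names()` on a response captured from your own Identity Provider to see which names it actually sends before filling in the Rev field.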