Note: User provisioning must be enabled on the root account by Vbrick Support Services before this feature is enabled and before you may configure SSO with user provisioning. You can check if user provisioning has been enabled on your Account form. See: View Contact and Billing Information for an Account

Field Name | Required | Description |
---|---|---|
Enable Single Sign On | Yes | Select to enable SSO in Rev. |
User Provisioning | Yes | Will be enabled by Vbrick. Not user configured. |
SAML Identity Location | | Choose either the NameIdentifier Element or Attribute Element, depending on which element in the SAML Authentication Response carries the username. If you select Attribute Element (default), you must provide the Identity Attribute Element Name or Rev will not authenticate. |
Identity Attribute Element Name | Yes | If Attribute Element is selected as the SAML Identity Location, this field must be completed or SSO will not work. The Identity Attribute Element Name is the field in the SAML Authentication Response (XML) that will contain the username. For example, in the code below, the name is specified as SFDC_USERNAME. This is what would be pasted in the Identity Attribute Element Name field in Rev, as seen in the image above. `<saml:AttributeStatement> <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"> user101@salesforce.com </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement>` |
First Name Attribute Element Name | | The first name of the user account. |
Last Name Attribute Element Name | Yes | The last name of the user account. Similar to Identity Attribute Element Name above, this is a required field and must be completed in order to authenticate correctly. |
Email Attribute Element Name | Yes | The email of the user account. Similar to Identity Attribute Element Name above, this is a required field and must be completed in order to authenticate correctly. Correct email format must also be used and the field must be unique. |
Title Attribute Element Name | | The title of the user account. |
Phone Attribute Element Name | | The phone number of the user account. |
Identity Provider Metadata | Yes | Paste your Identity Provider server’s metadata XML code in this field. You will need to obtain the Identity Provider metadata (XML) from your Identity Provider server. |
Signature Algorithm | Yes | Options to be used for signing. Select either SHA1withRSA or SHA256withRSA. |
Sign SAML Request | | Only enabled when the URL of the redirect exceeds 2048 characters, which may occasionally cause issues with Internet Explorer or IIS/ADFS. Be aware that checking or un-checking this box requires the Service Provider metadata to be downloaded again, once saved, to get the latest version. Contact Vbrick Support Services for assistance with this option. |
Download Service Provider MetaData | | This is the Rev Service Provider XML metadata that is provided to the Identity Provider server. It should be downloaded and used with the IDP server, similar to how the IDP’s metadata XML is pasted in the Identity Provider Metadata field above. |
Regenerate Cert | | This will regenerate the Service Provider’s certificate and metadata. If you decide to do this, keep in mind that you will need to download the Service Provider MetaData again for re-insertion into the IDP server. |
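
The following is an added example, not Vbrick code: a Python pre-flight check that reads the AttributeStatement of a captured SAML response and confirms that the names entered in the required Attribute Element Name fields match the `Name` of an attribute (not its `FriendlyName`) and that the email value is well formed. Only `SFDC_USERNAME` comes from the example above; `LAST_NAME`, `EMAIL`, the sample values and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: the page's SFDC_USERNAME attribute plus two
# hypothetical attributes (LAST_NAME and EMAIL are assumed names).
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME">
    <saml:AttributeValue> user101@salesforce.com </saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="LAST_NAME"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="EMAIL"><saml:AttributeValue>user101@salesforce.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

# Required Rev field -> attribute Name entered for it (assumed values,
# except SFDC_USERNAME, which is the page's example).
REQUIRED = {
    "Identity Attribute Element Name": "SFDC_USERNAME",
    "Last Name Attribute Element Name": "LAST_NAME",
    "Email Attribute Element Name": "EMAIL",
}

def read_attributes(xml_text):
    """Map each saml:Attribute Name to its first non-empty value, trimmed."""
    found = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(f"{{{NS}}}AttributeValue")]
        found[attr.get("Name")] = next((v for v in values if v), "")
    return found

def check_mapping(xml_text, required=REQUIRED):
    """Return a list of problems; an empty list means the mapping matches."""
    found = read_attributes(xml_text)
    problems = []
    for field, name in required.items():
        if name not in found:
            problems.append(f"{field}: no attribute with Name={name!r}")
        elif not found[name]:
            problems.append(f"{field}: attribute {name!r} has no value")
    email = found.get(required["Email Attribute Element Name"], "")
    if email and not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        problems.append(f"Email Attribute Element Name: {email!r} is not in email format")
    return problems

if __name__ == "__main__":
    print(check_mapping(SAMPLE) or "mapping OK")
```

The check covers attribute names and values only; it does not verify the SAML signature, so use it on a response captured from your own Identity Provider.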