General SAML2 settings for individual providers

We have provided individual configuration descriptions for the following providers:

SERVICE PROVIDER METADATA

Create a new SAML2 connection under Admin Dashboard > Settings > Authentication > Add Provider. You can link several identity providers to Flexopus via SAML2; we provide separate service provider metadata and URLs for each provider:

  • Metadata File
  • Metadata URL
  • Entity ID
  • Callback (ACS) URL

SIGNATURE

Signing the assertions sent to the Flexopus server is mandatory. Please note that an invalid signature always results in an error. Therefore, make sure that:

  • your server signs the assertions, not the whole message.
  • your server signs the assertions with the private key that corresponds to the certificate in the identity provider (IdP) metadata that you upload to Flexopus.

Encryption of assertions sent to Flexopus is optional. If you want to encrypt them, please use our certificate in the metadata of our service provider.

ATTRIBUTE MAPPINGS

The following mapping is required by Flexopus. We generally recommend using "urn:" mappings.

    'email' => [
        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
        'urn:oid:0.9.2342.19200300.100.1.3',
        'http://schemas.xmlsoap.org/claims/EmailAddress',
        'urn:oid:1.2.840.113549.1.9.1',
    ],

    'name' => [
        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
        'urn:oid:2.16.840.1.113730.3.1.241',
        'http://schemas.xmlsoap.org/claims/CommonName',
        'urn:oid:2.5.4.3',
    ],

    'first_name' => [
        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
        'urn:oid:2.5.4.42',
    ],

    'last_name' => [
        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
        'urn:oid:2.5.4.4',
    ],

    'upn' => [
        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
        'urn:oid:0.9.2342.19200300.100.1.1',
        'http://schemas.xmlsoap.org/claims/UPN',
        'upn',
    ],

    'department' => [
        'department',
        'urn:oid:2.5.4.11',
    ],

    'jobtitle' => [
        'jobtitle',
        'urn:oid:2.5.4.12',
    ],

Some additional information that might help you:

  • Our server requires the "NameID" format to be "persistent".
  • Department, jobtitle and costcenter are optional.
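As an added example (not Flexopus's own code), the following standard-library Python script runs a structural pre-flight check over a SAML response captured from a test login against the requirements above: whether the ds:Signature sits on the assertion rather than only on the message envelope, whether the NameID format is persistent, and which Flexopus fields resolve through a subset of the attribute mapping. The sample response and its placeholder signature are constructed; the script does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Subset of the mapping on this page: Flexopus field -> accepted attribute Names, in order.
ATTRIBUTE_MAP = {
    "email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
              "urn:oid:0.9.2342.19200300.100.1.3", "urn:oid:1.2.840.113549.1.9.1"],
    "first_name": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "urn:oid:2.5.4.42"],
    "last_name": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                  "urn:oid:2.5.4.4"],
}

def check_response(xml_text):
    """Structural pre-flight (signature placement, NameID format, attribute resolution); does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext saml:Assertion (encrypted assertions not handled)")
    # Flexopus requires the assertion itself to be signed; a ds:Signature on the
    # samlp:Response envelope alone does not satisfy that.
    report = {"assertion_signed": assertion.find("ds:Signature", NS) is not None,
              "message_signed": root.find("ds:Signature", NS) is not None}
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    report["nameid_persistent"] = name_id is not None and name_id.get("Format") == PERSISTENT
    present = {}  # attribute Name -> first value text
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        present[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    resolved = {}  # Flexopus field -> value, via the first accepted Name that is present
    for field, names in ATTRIBUTE_MAP.items():
        match = next((n for n in names if present.get(n)), None)
        if match is not None:
            resolved[field] = present[match]
    report["attributes"] = resolved
    report["missing"] = [f for f in ATTRIBUTE_MAP if f not in resolved]
    return report

# Constructed sample from a hypothetical IdP; the Signature element is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion><ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">u-42</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
```

Running check_response(SAMPLE) reports the assertion as signed, the envelope as unsigned, the NameID as persistent, and last_name as the only mapped field missing; a response whose only Signature sits under samlp:Response fails the assertion_signed check.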

SUPPORT

If you need help with the configuration, please feel free to contact us at support@flexopus.com.

R0049