After reviewing Understanding Single Sign-on (SSO) Through SAML and making the decision to move forward with implementing this login, it is time to set-up SAML SSO.
If you are using OKTA as the Idp, please see Setting up SAML SSO (OKTA IdP)
Steps to set-up SAML
Step 1: Notify PostBeyond that you would like to proceed with SAML SSO set-up so that they can turn on the feature.
Step 2: PostBeyond team to provide you with the metadata file
The moment the admin notifies the CSM that they want SAML SSO, the feature is turned on and the below information will become available on the instance.
The information in the metadata file that the company's IT team will need to complete the process of verifying the Service Provider (PostBeyond) will include:
- Login URL
- Logout Service endpoint
- Assertion Consumer Service endpoint
Step 3: Admin to send PostBeyond Metadata, Certificate & Attributes
Please send PostBeyond the 3 items:
- Metadata file
- Certificate (sometimes located in the metadata file)
PostBeyond requires 3 attributes:
- First Name
- Last Name
For some IdPs attributes are something that your team will set-up when completing the set-up of your custom application.
The App/Variable Attributes can be whatever your team decides. Please let the PostBeyond team know what you've added in these fields:
Step 4: PostBeyond to Complete the Process Internally
The PostBeyond team will finalize the process and provide the customer with an expected date of completion. This process can take up to 3 weeks to complete as it needs to be funneled into our sprint.
Once the admin is notified that the set-up is complete, the login page will have the option for users to login via SSO:
Step 5: Testing & Troubleshooting
Immediately after the process is completed, make sure to test logging in via SSO. Read this article should you experience any issues with this new login option.