Setup process

  • Configure SSO on your end using parameters from the instructions below
  • Provide the following inputs:
    • Client’s XML metadata file
    • The domain(s) of the emails
    • Nameid policy -- required for correct authorization on the service provider side
    • Names of the attributes as specified in your IDP for first name, last name, email, and phone (optional)
  • Once shared, we will configure the SSO on our side
  • Test the connection

General SSO application configuration

Requested information

Information

Preferred Single Sign-On (SSO) Profiles

IDP-initiated SSO -- via Identity Provider
SP-Initiated SSO -- via Service Provider

Vendor entity unique ID

https://global-auth.gett.com

SCIM support (System for Cross-domain SSO)

No

Supports automatic MetaData Exchange?

No, we require a manual exchange

Separate NON-PROD and PROD environments?

No

Dynamic User Provisioning Required?

Yes, please follow the SAML response standards

Base vendor URL (Audience)

https://global-auth.gett.com

Endpoint URLs

Assertion Consumer Service (Login) URL:
https://business.gett.com/saml/acs/dc5a44f2-8637-11eb-a9c3-06cceb650d19.4b721266-8638-11eb-a9c4-06cceb650d19

Single Logout URL:
https://business.gett.com/saml/slo/dc5a44f2-8637-11eb-a9c3-06cceb650d19.4b721266-8638-11eb-a9c4-06cceb650d19

Preferred SAML Binding

POST

Assertion Configuration

Attribute (Claim) name

Required

SAML IDP request response example

First Name

Yes

<saml:Attribute Name="FirstName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">FirstName
</saml:AttributeValue>
</saml:Attribute>

Last Name

Yes

<saml:Attribute Name="LastName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">LastName
</saml:AttributeValue>
</saml:Attribute>

Email

Yes

<saml:Attribute Name="Email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">[email protected]
</saml:AttributeValue>
</saml:Attribute>

Phone

No

<saml:Attribute Name="PhoneNumber"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">972500033333
</saml:AttributeValue>
</saml:Attribute>

  • KeyInfo must be included in the assertion
  • Email is a primary identifier for all users

Did this page help you?