SSO
Setup process
- Configure SSO on your end using parameters from the instructions below
- Provide the following inputs:
- Client’s XML metadata file
- The domain(s) of the emails
- Nameid policy -- required for correct authorization on the service provider side
- Names of the attributes as specified in your IDP for first name, last name, email, and phone (optional)
- Once shared, we will configure the SSO on our side
- Test the connection
General SSO application configuration
| Requested information | Information |
|---|---|
| Preferred Single Sign-On (SSO) Profiles | IDP-initiated SSO -- via Identity Provider SP-Initiated SSO -- via Service Provider |
| Vendor entity unique ID | https://global-auth.gett.com |
| SCIM support (System for Cross-domain SSO) | No |
| Supports automatic MetaData Exchange? | No, we require a manual exchange |
| Separate NON-PROD and PROD environments? | No |
| Dynamic User Provisioning Required? | Yes, please follow the SAML response standards |
| Base vendor URL (Audience) | https://global-auth.gett.com |
| Endpoint URLs | Assertion Consumer Service (Login) URL: https://business.gett.com/saml/acs/dc5a44f2-8637-11eb-a9c3-06cceb650d19.4b721266-8638-11eb-a9c4-06cceb650d19 Single Logout URL: https://business.gett.com/saml/slo/dc5a44f2-8637-11eb-a9c3-06cceb650d19.4b721266-8638-11eb-a9c4-06cceb650d19 |
| Preferred SAML Binding | POST |
Assertion Configuration
| Attribute (Claim) name | Required | SAML IDP request response example |
| First Name | Yes | <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xsi:type="xs:anyType">FirstName </saml:AttributeValue> </saml:Attribute> |
| Last Name | Yes | <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xsi:type="xs:anyType">LastName </saml:AttributeValue> </saml:Attribute> |
| Yes | <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xsi:type="xs:anyType">[email protected] </saml:AttributeValue> </saml:Attribute> | |
| Phone | No | <saml:Attribute Name="PhoneNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xsi:type="xs:anyType">972500033333 </saml:AttributeValue> </saml:Attribute> |
- KeyInfo must be included in the assertion
- Email is a primary identifier for all users
Updated almost 3 years ago