Configure SSO with another identity provider

Specific guidelines are given for the following identity providers: 

  1. Microsoft Azure Active Directory
  2. Google
  3. Okta
  4. Onelogin

If your provider is not in this list, follow the instructions below.

Didomi's SSO solution is SP-initiated, not IdP-initiated. Make sure your identity provider is configured accordingly (some identity providers ask you to choose this explicitly).

👉 Configure your identity provider

  1. Log in to your identity provider’s portal.
  2. Navigate to the section where you configure SAML SSO for the Didomi Console application.
  3. Enter the information collected from Didomi Console:
     Configured issuer: your identity provider’s unique identifier in Didomi Console.
     Login URL: the sign-in (reply) URL where the user will be redirected after a successful login on the identity provider.
     Logout URL: where the user will be redirected after a successful logout on the identity provider.
  4. Find the section where you configure the email claim:

This step is required; otherwise the SAML SSO configuration will not be complete.

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Name format: URI Reference
Value: user.email

👉 Fetch the metadata from your identity provider

Before proceeding, make sure the configuration on the identity provider is complete.

Login to your identity provider’s admin portal.

Under the configuration details for Didomi Console, copy the values below and keep them for finalizing the SSO settings in Didomi Console:

X509 certificate 👉 The SAML signing certificate from your identity provider, in Base64-encoded CER format.
Login URL 👉 The sign-in (login) URL from your identity provider.
Logout URL 👉 The logout URL from your identity provider. Some identity providers do not provide this value; in that case the sign-in URL is used instead.
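Most identity providers also publish these three values in a SAML metadata XML document. The script below is an added example, not Didomi's code: it extracts the signing certificate, the sign-in URL and the logout URL from such a document, applies the fallback described above (no logout URL means the sign-in URL is used), and checks that the certificate is Base64 text that decodes to DER before you paste it anywhere. The metadata, hostnames and certificate bytes are constructed for the example.

```python
# Added example (not Didomi's code): pull the X509 certificate, login URL and
# logout URL out of an identity provider's SAML metadata XML.
import base64
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed fake certificate: Base64 of bytes that start with the DER SEQUENCE tag (0x30).
FAKE_CERT_B64 = base64.b64encode(b"\x30\x82\x01\x00" + b"\x00" * 32).decode()


def sample_metadata(include_logout=True):
    """Constructed IdP metadata (hostnames are placeholders, not a real provider)."""
    logout = (
        '<md:SingleLogoutService Binding="%s" Location="https://idp.example.com/saml2/logout"/>'
        % REDIRECT_BINDING if include_logout else ""
    )
    return f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    {logout}
    <md:SingleSignOnService Binding="{REDIRECT_BINDING}" Location="https://idp.example.com/saml2/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _location(idp, service):
    """Location of the named endpoint, preferring the HTTP-Redirect binding; None if absent."""
    endpoints = list(idp.iterfind("md:" + service, MD_NS))
    for ep in endpoints:
        if ep.get("Binding") == REDIRECT_BINDING:
            return ep.get("Location")
    return endpoints[0].get("Location") if endpoints else None


def signing_certificate(idp):
    """Base64 signing certificate with whitespace stripped; raises if it is not DER underneath."""
    for kd in idp.iterfind("md:KeyDescriptor", MD_NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' covers signing too
            continue
        cert = kd.find(".//ds:X509Certificate", MD_NS)
        if cert is not None and cert.text:
            b64 = "".join(cert.text.split())  # metadata often wraps the Base64 across lines
            if base64.b64decode(b64, validate=True)[0] != 0x30:
                raise ValueError("X509Certificate does not decode to a DER certificate")
            return b64
    raise ValueError("no signing certificate in metadata")


def sso_settings(metadata_xml):
    """Return the three values to enter in Didomi Console, with the logout fallback applied."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(".//md:IDPSSODescriptor", MD_NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    login = _location(idp, "SingleSignOnService")
    if not login:
        raise ValueError("metadata has no SingleSignOnService")
    logout = _location(idp, "SingleLogoutService") or login  # fall back to the sign-in URL
    return {"x509_certificate": signing_certificate(idp), "login_url": login, "logout_url": logout}


if __name__ == "__main__":
    for key, value in sso_settings(sample_metadata()).items():
        print(key, "=", value)
```

If your provider only exposes these values in its admin UI rather than as metadata, copy them from there as the text describes; the DER sanity check is still worth running on the pasted certificate, since a PEM header line or a truncated copy is the usual reason the certificate is rejected later.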

👉 Manage users in your identity provider

Follow your identity provider’s guide to manage your users’ access to the Didomi Console application.