If your company supports single sign-on (SSO) using SAML 2.0, you can use your SAML 2.0 Identity Provider (IdP) to authentication your company’s users into the Vibes Mobile Engagement platform.
In this guide, we’ll provide you with the flow details and requirements to set up this integration. If you're interested in enabling single sign-on for your account, please contact your Vibes account manager.
- User navigates to the Vibes Mobile Engagement Platform.
- User enters the email address associated with their platform account into the login page and selects Continue. The user is then redirected to your SAML 2.0 Identity Provider screen.
- User enters their username and password for your identity provider. Upon successful authentication by your IdP, the user is redirected back to the Vibes platform.
- The user is logged into the Vibes platform with access to platform modules based on their assigned permissions.
To get set up your SAML integration, please provide Vibes with the following:
- The metadata endpoint for your SAML IdP. For example: https://sso.mydomain.com/saml/metadata.
- Optionally, the fingerprint of your signing certificate if you would like Vibes to verify it independent of the certificate or fingerprint provided in your IdP's metadata.
Once setup has been completed on Vibes' side, Vibes will direct users logging into the Vibes Mobile Engagement Platform to your IdP for authentication.
- The metadata endpoint for Vibes SAML Service Provider is listed below. The metadata is signed.
entityidVibes uses is:
The identifier Vibes expects back is the email address of the user. If your users don't have a unique email address, contact your Vibes account manager to discuss a custom solution.
- AuthnRequest - HTTP Redirect Binding.
- AuthnRequest - HTTP POST Binding.
- SAML Assertion - HTTP POST Binding.
- Metadata XML.
- SAML Assertions.
- Vibes supports encrypted elements in SAML Assertions.
Vibes' user timeout period is 24 hours of inactivity. After 24 hours of inactivity, Vibes will re-authenticate using your identity provider.
Only users that are configured for third-party authentication will be accepted from the customer identity provider. Other users will receive an invalid authorization error.
Updated 8 months ago