SAML

Modified on Tue, 11 Mar at 12:02 PM

SAML

To set up a SAML connection between an external IdP (ie. Google Workplace) and Service Provider (Simployer Auth0), you'll need to configure both services to establish the trust and exchange of SAML metadata.

Client-side - Set up external IdP configuration

ACS Uri - as https://login.simployer.com/login/callback?connection=hrd-XXXXX

Entity ID - as urn:auth0:simployer:hrd-XXXXX

ClaimType Mapping - by the current SAML standard

Using Google Workplace App as an example

Go to the "Apps" section and select "Web and mobile apps."

Click the "Add app” button to add a new “Custom SAML app”.

Fill App details

Download IdP metadata

Fill ACS URL and Entity ID fields according to the values provided by Simployer.

Add SAML attribute mapping according to the values provided by Simployer and finish creating the app.

Google Directory Attributes	App attributes
Primary email	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
First Name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last Name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Primary email	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

6. After creation expand the “User Access” section and turn on the application

The client on its side can decide whether to make the application available to all users in the entire organization unit, to a subunit, or to a specific group.

metadata.xml file downloaded during app creation should be shared with Simployer to complete the integration setup. It can be placed on a public (unsecured) FTP/http endpoint or sent via any other method agreed with the integration team. The file does not contain any sensitive data.