Common
- Configure a new SAML SSO App at your IdP (Identity provider), entering the following:
  - ACS (Assertion Consumer Service) URL: https://<your-kadonation-select-subdomain>.kadonationselect.com/saml/acs (e.g. https://kdn.kadonationselect.com/saml/acs)
  - Entity id: https://<your-kadonation-select-subdomain>.kadonationselect.com/saml/metadata (e.g. https://kdn.kadonationselect.com/saml/metadata)
  - Name id: email
  - SAML Attribute mapping:
    - email -> email of the user
    - firstName -> first name of the user
    - lastName -> last name of the user
- Please send your SAML SSO data to sso-setup@kadonation.com. We need the following data to configure your SAML SSO:
  - IDP SAML SSO URL
  - IDP entity ID
  - Certificate (x.509)
- Kadonation will schedule a meeting with you to set up this data and to test if the configuration went well.
Specifically for Azure Active Directory
- Configure a new SAML SSO App at your IdP (Identity provider):
  - Go to Azure Active Directory Admin center
  - Click enterprise applications
  - Create a new application
  - Open single sign on
  - Edit basic SAML configuration
    - Entity id: https://<your-kadonation-select-subdomain>.kadonationselect.com/saml/metadata (e.g. https://kdn.kadonationselect.com/saml/metadata)
    - ACS (Assertion Consumer Service) URL: https://<your-kadonation-select-subdomain>.kadonationselect.com/saml/acs (e.g. https://kdn.kadonationselect.com/saml/acs)
  - Edit attributes and claims
    - Unique User Identifier (Name ID): email; most of the time this is user.userprincipalname
    - Add additional claims:
      - email -> e-mail of the user
      - firstName -> first name of the user
      - lastName -> last name of the user
    - Important: make sure the namespace is empty for all additional claims
- Please send your SAML SSO data to sso-setup@kadonation.com. We need the following data to configure your SAML SSO:
  - IDP SAML SSO URL
  - IDP entity ID
  - Certificate (x.509)
- Kadonation will schedule a meeting with you to set up this data and to test if the configuration went well.
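An added example, not Kadonation's own code: a Python check you can run on a decoded SAML response from your IdP to confirm that the Recipient, Audience, Name ID and claim names match the values listed above, including the empty-namespace requirement. The function name, the sample response and the user `ann@example.com` are constructed for illustration, and the check does not validate the signature or the validity window.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstName", "lastName")

# Constructed sample (not a real capture): lastName still carries a namespace.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Subject><saml:NameID>ann@example.com</saml:NameID><saml:SubjectConfirmation>
<saml:SubjectConfirmationData Recipient="https://kdn.kadonationselect.com/saml/acs"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction>
<saml:Audience>https://kdn.kadonationselect.com/saml/metadata</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="email"/><saml:Attribute Name="firstName"/>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastName"/>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""


def check_response(xml_text, subdomain):
    """List configuration problems in a decoded SAML response.
    Diagnostic only: no signature or validity-window checks are done."""
    base = f"https://{subdomain}.kadonationselect.com/saml"
    root = ET.fromstring(xml_text)
    problems = []
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != f"{base}/acs":
        problems.append(f"Recipient is not the ACS URL: {recipient}")
    audience = root.findtext(".//saml:Audience", "", NS).strip()
    if audience != f"{base}/metadata":
        problems.append(f"Audience is not the entity id: {audience}")
    name_id = root.findtext(".//saml:NameID", "", NS).strip()
    if "@" not in name_id:
        problems.append(f"NameID is not an email address: {name_id!r}")
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for wanted in REQUIRED:
        if wanted in names:
            continue
        # A URI-prefixed name means the claim's namespace was not emptied.
        prefixed = [n for n in names if n.endswith("/" + wanted)]
        problems.append(f"{wanted} has a namespace: {prefixed[0]}" if prefixed
                        else f"{wanted} attribute is missing")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE, "kdn"):
        print(problem)
```

An empty result means the response matches the configuration described above.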
Common Issues
User has no access
- If the error message appears at the identity provider, it usually means that the user is not linked to the SAML application.
  - Grant the user access to the SAML application via the settings in the identity provider. Ask the user to try again.
- If the error message appears on Kadonation, it usually means that the email address we receive does not exist in the user list on Kadonation Select.
  - Add the user to Kadonation Select and ask the user to try again.
If there are still issues, contact sso-setup@kadonation.com, and they will assist you further.