Skip to main content

How to configure SAML SSO for your Kadonation Select environment?

Fabrice Guillermin
Updated

Common

  1. Configure a new SAML SSO App at your IdP (Identity provider), entering the following:
    1. ACS (Access Consumer Service) URL: https://<<your-kadonation-select.subdomain>>.kadonationselect.com/saml/acs (e.g. https://kdn.kadonationselect.com/saml/acs)
    2. Entity id: https://<your-kadonation-select-subdomain>>.kadonationselect.com/saml/metadata (e.g. https://kdn.kadonationselect.com/saml/metadata)
    3. Name id: email
    4. SAML Attribute mapping:
      1. email -> email of the user
      2. firstName -> first name of the user
      3. lastName -> last name of the user
  2. Please send your SAML SSO data to sso-setup@kadonation.com, we need the following data to configure your SAML SSO.
    1. IDP SAML SSO URL
    2. IDP entity ID
    3. Certificate (x.509)
  3. Kadonation will schedule a meeting with you to set up this data and to test if the configuration went well.

 

Specifically for Azure Active Directory

  1. Configure a new SAML SSO App at your IdP (Identity provider)
    1. Go to Azure Active Directory Admin center
    2. Click enterprise applications
    3. Create a new application
    4. Open single sign on
    5. Edit basic SAML configuration
      1. Entity id: https://<<your-kadonation-select.subdomain>>.kadonationselect.com/saml/metadata (e.g.. https://kdn.kadonationselect.com/saml/metadata
      2. ACS (Access Consumer Service) URL: https://<<your-kadonation-select.subdomain>>.kadonationselect.com/saml/acs (e.g.. https://kdn.kadonationselect.com/saml/acs
    6. Edit attributes and claims
      1. Unique User Identifier (Name ID): email, most of the times user.userprincipalname
      2. Add additional claims:
        1. email -> e-mail of the user
        2. firstName -> first name of the user
        3. lastName -> last name of the user
        4. Important: make sure the namespace is empty for all additional claims
  2. Please send your SAML SSO data to sso-setup@kadonation.com, we need the following data to configure your SAML SSO.
    1. IDP SAML SSO URL
    2. IDP entity ID
    3. Certificate (x.509)
  3. Kadonation will schedule a meeting with you to set up this data and to test if the configuration went well.

 

Common Issues

User has no access

  • If the error message appears at the identity provider, it usually means that the user is not linked to the SAML application.
    • Grant the user access to the SAML application via the settings in the identity provider. Ask the user to try again.
  • If the error message appears on Kadonation, it usually means that the email address we receive does not exist in the user list on Kadonation Select.
    • Add the user to Kadonation Select and ask the user to try again.

 

If there are still issues, contact sso-setup@kadonation.com, and they will assist you further.

Comments

0 comments

Please sign in to leave a comment.