SSO Configuration
Overview
The requirements, steps, and details below must be followed, and the resulting details shared with First Orion, to enable SSO. Currently, SAML is the only single sign-on authentication mechanism available.
Requirements
- IdP Initiated
- SAML
- metadata.xml
Pre-Requisites
Send request to [email protected] to initiate SSO configuration.
Steps
- Configure the following URLs in your IdP:

| URL | Path |
|---|---|
| Single Sign On URL | https://portal.firstorion.com/app/saml/SSO |
| Recipient URL | https://portal.firstorion.com/app/saml/SSO |
| Destination URL | https://portal.firstorion.com/app/saml/SSO |
| Audience Restriction | https://portal.firstorion.com/app/saml/metadata |
- Declare an EntityId to be shared with First Orion and configured in metadata.xml. Commonly, an EntityId is the customer's URL, for example: https://firstorion.com/sso_entityId
- Update the metadata.xml file to include the AudienceRestriction:

```xml
<saml:AudienceRestriction>
  <saml:Audience>https://portal.firstorion.com/app/saml/metadata</saml:Audience>
</saml:AudienceRestriction>
```

- Provide the updated metadata.xml file to First Orion
- Configure users in your IdP to access the First Orion application
FAQ
Q: Does the First Orion Service require any custom claim/custom attribute configurations?
A: No custom claims or attributes are required. However, if you want to override the default user role (Business Admin), you can optionally send a custom attribute:
- Custom attribute: "roleId"
- Custom attribute value: provided by First Orion (UUID format)
Q: What subject is expected in the authentication result?
A: Email
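The steps and FAQ above describe what your IdP must emit: the SSO URL as Destination and Recipient, the metadata URL as Audience, an email address as subject, and an optional UUID-formatted roleId. The following added example, which is not First Orion's code, parses a constructed IdP-initiated SAML Response and reports any mismatch with those requirements, so a misconfiguration can be caught before metadata.xml is shared. The sample XML, the placeholder UUID, and the email/UUID regular expressions are assumptions; the check compares values only and does not verify the XML signature, which the service provider must still do.

```python
"""Added example, not First Orion's code: check an IdP-initiated SAML
Response against the URL and attribute conventions listed on this page.
The sample response is constructed; values only, no signature check."""
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SSO_URL = "https://portal.firstorion.com/app/saml/SSO"
AUDIENCE = "https://portal.firstorion.com/app/saml/metadata"
# roleId must be UUID-formatted per the FAQ; the real value is issued by First Orion.
UUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_saml_response(xml_text: str) -> list:
    """Return a list of problems; an empty list means the response matches the page."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != SSO_URL:
        problems.append(f"Destination {root.get('Destination')!r} != {SSO_URL!r}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no saml:Assertion in response"]
    # Recipient on the bearer SubjectConfirmationData must also be the SSO URL.
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != SSO_URL:
        problems.append(f"Recipient {recipient!r} != {SSO_URL!r}")
    # AudienceRestriction must name the First Orion metadata URL.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append(f"Audience {audiences!r} does not include {AUDIENCE!r}")
    # The FAQ says the subject is the user's email address.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not EMAIL_RE.match((name_id.text or "").strip()):
        problems.append("Subject NameID is missing or not an email address")
    # Optional roleId override: if present, every value must be UUID-formatted.
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != "roleId":
            continue
        for val in attr.findall("saml:AttributeValue", NS):
            text = (val.text or "").strip()
            if not UUID_RE.match(text):
                problems.append(f"roleId {text!r} is not in UUID format")
    return problems


# Constructed sample: an unsigned IdP-initiated Response shaped as this page requires.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="https://portal.firstorion.com/app/saml/SSO">
  <saml:Issuer>https://firstorion.com/sso_entityId</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://firstorion.com/sso_entityId</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://portal.firstorion.com/app/saml/SSO"
            NotOnOrAfter="2024-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://portal.firstorion.com/app/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="roleId">
        <saml:AttributeValue>00000000-0000-4000-8000-000000000000</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed misconfiguration: Audience set to the SSO URL and a non-UUID roleId.
BAD_RESPONSE = GOOD_RESPONSE.replace(
    "<saml:Audience>https://portal.firstorion.com/app/saml/metadata<",
    "<saml:Audience>https://portal.firstorion.com/app/saml/SSO<",
).replace("00000000-0000-4000-8000-000000000000", "business-admin")

if __name__ == "__main__":
    print("good:", check_saml_response(GOOD_RESPONSE) or "OK")
    print("bad:", check_saml_response(BAD_RESPONSE))
```

Run it against a Response captured from your IdP's test login (most IdPs expose the raw SAML in a browser tracer or admin console) by passing that XML to `check_saml_response`; the two most common mistakes this page's table guards against, putting the SSO URL in the Audience field or leaving the Audience off entirely, show up as a single clear line.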