FundApps SSO Connection - SAML 2.0
Updated over 2 weeks ago

Important: When setting up the SAML connection, you will need to add values for Audience / Entity ID and ACS URL / Single Sign-On URL. These will be available after setting up the SSO connection within FundApps. After you have set up the connection in FundApps, click on the Settings button for that connection, and you will see the values that you should use.

We recommend creating a SAML application in your IdP with dummy values for Audience / Entity ID and ACS URL / Single Sign-On URL, setting up the SSO connection in FundApps, then going back to your IdP and updating the details using the values provided on the settings page. For more information, see Finish Configuring SAML Connection in Identity Provider at the bottom.

Configure a SAML Connection with your Identity Provider (IdP) (Prerequisite)

SAML is a standard that enables seamless authentication and authorization between different services. SSO operates via these standards to provide your application with a single entry point, minimizing the need for multiple login prompts and improving security. The following steps will guide you through setting up a SAML connection with your IdP.

Please note: The specifics of the configuration process can differ depending on the identity provider you're using. Here, we provide a general outline of the process.

  1. Access Your IdP's Admin Console: Navigate to your identity provider's administration console or equivalent. This could be Azure Active Directory, Google Workspace, Okta, or others. Log in with your administrative credentials.

  2. Create a New SAML Application: Look for the option to manage SAML applications, usually found under "Applications," "Services," or a similar heading. Choose to create a new SAML application.

  3. Fill in Basic Information: You'll be asked to provide some basic information about your application, such as the name, description, and logo. This will help users identify your application in their list of services.

  4. Configure Sign-In URL: Specify the URL that FundApps will direct the user to in order to enter their credentials.

  5. Configure User Attributes & Claims: These fields determine what user data your application will receive. The only required claim for setting up a FundApps SSO Connection is the user’s email address as the Name ID. If your provider allows you to specify a name ID format, it should be mapped to the user’s email address.

  6. Finish and Save: Once you've filled in the necessary information, save your changes to finish creating the SAML application.

Remember: You won’t be able to enter the correct ACS URL/Single Sign-On URL or the Audience/Entity ID until a FundApps SSO Connection has been created - so just enter some dummy values for now.

You have now configured a SAML connection with your IdP! Keep the details handy, as they will be used in the next steps to set up SSO in your application.

Important: Always review your identity provider's specific documentation for the most accurate and detailed steps.

Create SSO Connection (Required)

  1. Log in to the administration portal provided by your Identity Provider.

  2. Download, or otherwise make a note of, the content of the X509 certificate for the connection you just created in your IdP’s portal.

  3. Make a note of the Sign In URL (sometimes called ACS URL as mentioned above).

  4. There are three fields that are set only in FundApps and not initially with your IdP. Decide which value you want to use for each:

    • Sign Request: When enabled, the SAML authentication request will be signed.

      • If Sign Request is set to True:

        • Sign Request Signature Algorithm: valid values for a SAML SSO connection in FundApps are RSA-SHA1 or RSA-SHA256

        • Sign Request Digest Algorithm: valid values for a SAML SSO connection in FundApps are SHA1 or SHA256

        • If needed, FundApps’ signing certificate is downloadable here

  5. Enter the above details into the FundApps SSO Connection Portal (pictured below):

    [Screenshot: FundApps SSO Connection Portal]

  6. Click Create to finish setting up the SAML SSO Connection.

Finish Configuring SAML Connection in Identity Provider

  1. Log in to the administration portal provided by your Identity Provider.

  2. Configure Remaining IdP SAML Settings: Back in your IdP’s configuration, you'll need to enter the FundApps Entity ID and Assertion Consumer Service (ACS) URL, which is where SAML responses are sent.

    • Entity ID (sometimes called Audience URI): This is a unique identifier for your application that the IdP uses to recognize it. This will be available from within the connection settings in FundApps. This will look something like urn:auth0:fundapps:<connection-name>

    • ACS URL (sometimes called Single Sign-on URL): This is the endpoint in your application where the IdP will send SAML assertions. This will be available from within the connection settings in FundApps. This will look something like https://auth.fundapps.co/login/callback?connection=<connection-name>

    The properties become visible when you edit an existing connection in FundApps:

      [Screenshot: SSO Setup Setting]

  3. Once you have entered the Audience URI and ACS URL into your IdP configuration, you can now test the connection. On the FundApps SSO configuration dashboard, click the Try button and enter your credentials on the ensuing IdP sign-in page.

    [Screenshot: SSO Setting Getting Started]

  4. If your sign-in was successful, you should see this page:

    [Screenshot: SSO Sign-In Successful]

Your SSO Connection is now ready for use!
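
If the Try test fails, the usual cause is an IdP application that still holds the dummy values or does not send the email address as the Name ID. The following check is an added example, not FundApps code: it inspects a base64-decoded SAML response that you captured from your own test login and compares it with the Entity ID and ACS URL copied from the FundApps connection settings. The connection name acme-saml and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: trimmed response for a hypothetical connection "acme-saml",
# as an IdP would send it while still holding the dummy Audience value.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://auth.fundapps.co/login/callback?connection=acme-saml">
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>dummy-entity-id</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id, acs_url):
    """Return findings; an empty list means the response matches the settings.

    Diagnostic only: it does not verify the XML signature, and it should be
    run on your own captured test response, not on untrusted input.
    """
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match the ACS URL")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        findings.append(f"Audience {audiences} does not contain the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        findings.append(f"NameID {value!r} is not an email address")
    for method in root.iterfind(".//ds:SignatureMethod", NS):
        if method.get("Algorithm", "").lower().endswith("sha1"):
            findings.append("Response is signed with SHA-1; prefer RSA-SHA256")
    return findings


if __name__ == "__main__":
    for finding in check_response(
            SAMPLE, "urn:auth0:fundapps:acme-saml",
            "https://auth.fundapps.co/login/callback?connection=acme-saml"):
        print("FINDING:", finding)
```

Pass the exact Entity ID and ACS URL shown on the FundApps settings page instead of the constructed values used here.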
