Guide to set up SAML SSO Integration
Information needed to complete the integration:
- Single sign on URL: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/acs/
- Audience URI (SP Entity ID): https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/metadata/
- Name ID Format: Email Address
- Application Username: Email
- Attribute Mappings:
  - mail -> user.email (Name Format: Unspecified)
  - cn -> user.firstName (Name Format: Unspecified)
  - sn -> user.lastName (Name Format: Unspecified)
- Signature verifying certificate -> Request the public signing certificate from the Bucketlist product team
Information you need to provide to BucketlistRewards
- Metadata in XML (remote file URL or the file itself)
Once you have provided the XML metadata (remote URL or file), ask the Bucketlist product team to enable SAML SSO for your company.
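As an added example (not Bucketlist's or Okta's code), the following shows the checks the service provider side should make on an assertion issued under the configuration above: the Audience must equal the SP Entity ID, the NameID must be in email-address format, and the mail, cn and sn attributes must all be present before they are mapped to a user. The sample response, the subdomain "example" and the user "alice@example.com" are constructed; signature verification with the IdP certificate is assumed to have been done already by your SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Attribute names as configured in the Okta app, mapped to local user fields.
ATTRIBUTE_MAP = {"mail": "email", "cn": "first_name", "sn": "last_name"}

# Constructed sample response for this example; a real one is signed and the
# signature must already have been verified by your SAML library.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://example.bucketlist.org/saml2/metadata/</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="cn"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="sn"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def extract_user(response_xml: str, sp_entity_id: str) -> dict:
    """Map the assertion to a user record, or raise ValueError if it does
    not match what this guide's configuration promises."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in response")
    # The audience must be this SP's entity ID; an assertion issued for
    # another application must not be accepted here.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError(f"audience mismatch: {audiences}")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        raise ValueError("NameID must use the emailAddress format")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = value.text if value is not None else None
    missing = [name for name in ATTRIBUTE_MAP if not attrs.get(name)]
    if missing:
        raise ValueError(f"missing attributes: {missing}")
    return {field: attrs[name] for name, field in ATTRIBUTE_MAP.items()}
```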
Step-by-step guide for OKTA
- Log into your OKTA admin console and select "Applications" from the left menu
- Click the "Add Application" button
- Click the "Create New App" button
- In the create application dialog, select "Web" as platform and "SAML 2.0" as Sign on method. Click "Create" button to create the application.
- On the "SAML Settings" screen, enter https://company-subdomain.bucketlist.org/saml2/acs/ as Single sign on URL and https://company-subdomain.bucketlist.org/saml2/metadata/ as Audience URI (SP Entity ID). Remember to replace "company-subdomain" with your company's actual subdomain. Select "EmailAddress" for Name ID format and "Email" for Application username.
- For Attribute statements, add the following mappings and press "Next"
  - mail -> user.email (Name Format: Unspecified)
  - cn -> user.firstName (Name Format: Unspecified)
  - sn -> user.lastName (Name Format: Unspecified)
- Select an appropriate option on the last screen and press "Finish" to finish creating the app
- Next, assign the newly created app to the people in your company; otherwise they will not be able to use it. Select the "Assignments" tab from the top navigation of the newly created app.
- Open the "Assign" dropdown and select "Assign to People"
- In the Assign dialog, search for people from your company and click the "Assign" button next to their name.
- Confirm that the "User Name" of the user is their email address and press "Save and Go Back".
- Once done with all assignments, click the "Done" button to complete the assignment process.
- Now click the "Sign On" tab of the app.
- Right click the "Identity Provider metadata" link and copy the link location. Share this metadata URL with the Bucketlist product team.