DeliverySlip SAML Single Sign-On
SAML single sign-on with DeliverySlip
SAML single sign-on is available when you subscribe to DeliverySlip.
DeliverySlip enables company-wide visibility, security, and control across all your DeliverySlip application. Now there’s one place to manage your users and enforce security policies so your business can scale with confidence.
About SAML single sign-on
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, an identity provider and a service provider (such as DeliverySlip).
SAML for single sign-on (SSO) makes it possible for your users to authenticate through your company’s identity provider when they log in to DeliverySlip. SSO allows a user to authenticate once and then access multiple products during their session, without needing to authenticate with each of those.
Note that if you manage users for DeliverySlip with Microsoft 365 or G Suite, you’ll need to use the SSO feature provided by Microsoft 365 [LINK to Microsoft-365-aad page] or G Suite [LINK to google-g-suite page] instead.
Before you begin
As a DeliverySlip customer, there are a couple of things you need to do before you can apply SAML single sign-on to your account:
- Your DeliverySlip subscription should be in good standing.
- Make sure your identity provider uses the HTTPS protocol to communicate with the service provider, and that the configured product base URL is the HTTPS one.
- SAML authentication requests are only valid for a limited time, so make sure the clock on your identity provider server is synchronized using NTP. If you’re using a SaaS identity provider, your clock should already be synchronized.
Supported SAML Identity Providers
|Identity Provider||Setup Instructions|
|CA Single Sign On (SiteMinder)||https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/legacy-federation/configure-a-saml-2-0-service-provider|
Best-Effort supported identity providers
Follow the steps in this section if your identity provider is not listed in the table above.
Add DeliverySlip to your identity provider
In this step you tell your identity provider that DeliverySlip will use SAML single sign-on.
- If you use an on-premise identity provider, your users will only be able to authenticate if they have access to the identity provider (for example, from your internal network or a VPN connection).
- The Single Sign-On URL should be: https://auth.secure-messaging.com/jsaml/response/default.aspx
- Use the Single Sign-On URL for Recipient and Destination URL properties
- Make sure that your identity provider can send email using the NameId and username
- For the Entity Id, your account Service GUID should be specified. If you are unsure of your Service GUID, please submit a ticket to email@example.com requesting the Service GUID for your account.
- When you add DeliverySlip, add the following SAML attribute mappings to your identity provider:
|SAML Attribute Name||What it should map to in your identity provider|
|FirstName||User First Name|
|LastName||User Last Name|
|EmailAddress||User Email Address|
* DeliverySlip only supports service provider initiated workflows.
SAML Configuration Completion
Once identity provider configuration is finished, the DeliverySlip support team will need to complete the configuration. Please send an email to firstname.lastname@example.org with the following information:
Subject: Complete SAML Service Provider Configuration
- Identity Provider Entity Id: [typically your Service GUID]
- Identity Provider SSO URL: URL your users will be redirected to when logging in.
- Public x509 Certificate: This value begins with ‘—–BEGIN CERTIFICATE—–‘. This certificate contains the public key we’ll use to verify that your identity provider has issued all received SAML authentication requests.
When configuration is complete, Wilson will reply indicating so with instructions to test.