This section outlines the process for configuring your Vivi environment to accept SAML authentication.
Once you have enabled SAML, Vivi creates a metadata URL, which can be used to automatically configure your relying party trust in ADFS.
It will look something like this:
Where xxxx is your organization’s unique ID.
Set Up Claims
You will need to log in to your ADFS instance and configure an LDAP claim that provides: username, display name, and email.
We need information about group membership to assign permissions. Set up two "Send Group Membership as a Claim" claims as in the screenshot, one for presenters and one for students. Currently the "outgoing claim values" must be exactly "presenters" and "students" respectively.
Finally, clicking the "View Rule Language..." button in the bottom left of each edit claim window shows the particular IDs used for each claim. You'll need to include these in the information below so that we can extract the claims on our end.
|SAML Default Email Domain||A default email domain to use in case a user has no email address, e.g. "myschool.com.au", then emails will be "firstname.lastname@example.org".|
|SAML SSO URL||Full URL to your IdP SSO endpoint, e.g. "https://dc.example.com/adfs/ls/".|
|SAML SLO URL||Full URL to your IdP SLO endpoint. May be left blank if this is the same as the SSO endpoint.|
|SAML Token-Signing Certificate||Exported Token-Signing Certificate from your ADFS, in PEM format.|
|SAML Name Attribute||Name used by your IdP for the claim mapping a user's display name, e.g. ".|
|SAML Email Attribute||Name used by your IdP for the claim mapping a user's email, e.g. "".|
|SAML Group Attribute||Name used by your IdP for the claim mapping a user's group membership, e.g. "".|
SAML should now be ready to test. Open a version 2.6+ client (or restart if already open) and attempt to sign in with the username and password of an account in one of the appropriate groups.
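If the test sign-in does not behave as expected, a captured assertion can be checked against the attribute settings above. The following is an added example, not Vivi's own code: `check_claims`, `CONFIG` and the sample assertion are constructed for illustration, the claim type URIs are common ADFS ones standing in for the IDs shown by "View Rule Language...", and it assumes the group match is case-sensitive.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_GROUPS = {"presenters", "students"}  # exact outgoing claim values required by the page
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Assumed sample configuration: replace with the IDs shown by "View Rule Language...".
CONFIG = {
    "name_attr": CLAIMS + "name",
    "email_attr": CLAIMS + "emailaddress",
    "group_attr": "http://schemas.xmlsoap.org/claims/Group",
}

# Constructed, unsigned assertion fragment: no email claim, wrong-case group value.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}name">
   <saml:AttributeValue>Jo Smith</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
   <saml:AttributeValue>Presenters</saml:AttributeValue>
   <saml:AttributeValue>students</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml, cfg=CONFIG):
    """Return (claims, problems) for one assertion. Diagnostic only:
    it does not verify the signature, so run it on your own captures."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)

    problems = []
    name = next(iter(attrs.get(cfg["name_attr"], [])), None)
    email = next(iter(attrs.get(cfg["email_attr"], [])), None)
    if not name:
        problems.append("display name claim missing")
    if not email:
        problems.append("email claim missing: SAML Default Email Domain will apply")
    groups = attrs.get(cfg["group_attr"], [])
    for value in groups:
        if value not in ALLOWED_GROUPS:  # comparison is exact, including case
            problems.append(f"group value {value!r} is not 'presenters' or 'students'")
    matched = sorted(ALLOWED_GROUPS.intersection(groups))
    if not matched:
        problems.append("no usable group claim: no permissions can be assigned")
    return {"name": name, "email": email, "groups": matched}, problems
```

Calling `check_claims(SAMPLE)` reports the missing email claim and the `Presenters` value that would not map to a permission group.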