
This section outlines the process for configuring your Vivi environment to accept SAML authentication.

Once you have enabled SAML, Vivi creates a metadata URL, which can be used to automatically configure your relying party trust in ADFS.

It will look something like this: 

https://api.vivi.io/api/v1/users/saml_metadata/xxxx-xxxx-xxxx

Where xxxx is your organization’s unique ID.


Set Up Claims

You will need to log in to your ADFS instance and configure an LDAP claim that provides: username, display name, and email.

We need information about group membership to assign permissions. Set up two "Send Group Membership as a Claim" claims as in the screenshot, one for presenters and one for students. Currently the "outgoing claim values" must be exactly "presenters" and "students" respectively.

Finally, clicking the "View Rule Language..." button in the bottom left of each edit claim window shows the particular IDs used for each claim. You'll need to include these in the information below so that we can extract the claims on our end.


SAML Settings

| Setting | Description |
| --- | --- |
| SAML Default Email Domain | Default email domain to use when a user has no email address, e.g. "myschool.com.au"; emails will then be "username@myschool.com.au". |
| SAML SSO URL | Full URL to your IdP SSO endpoint, e.g. "https://dc.example.com/adfs/ls/". |
| SAML SLO URL | Full URL to your IdP SLO endpoint. May be left blank if this is the same as the SSO endpoint. |
| SAML Token-Signing Certificate | Exported Token-Signing Certificate from your ADFS, in PEM format. |
| SAML Name Attribute | Name used by your IdP for the claim mapping a user's display name, e.g. "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name". |
| SAML Email Attribute | Name used by your IdP for the claim mapping a user's email, e.g. "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress". |
| SAML Group Attribute | Name used by your IdP for the claim mapping a user's group membership, e.g. "http://schemas.xmlsoap.org/claims/Group". |


SAML should now be ready to test. Open a version 2.6+ client (or restart if already open) and attempt to sign in with the username and password of an account in one of the appropriate groups.
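If the test sign-in fails or a user ends up with the wrong permissions, checking a captured assertion against the settings above usually shows which claim rule is at fault. The following is an added example, not Vivi's or ADFS's own code: it maps the name, email and group claims using the example attribute names from the settings table and reports group values that are not exactly "presenters" or "students". It assumes the username arrives as the Subject NameID, and the sample assertion is constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names taken from the examples in the SAML Settings table.
NAME_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
ALLOWED_GROUPS = {"presenters", "students"}  # outgoing claim values, exact match

# Constructed, unsigned sample: no email claim, one miscapitalised group value.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:NameID>jsmith</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{NAME_ATTR}">
      <saml:AttributeValue>Jane Smith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{GROUP_ATTR}">
      <saml:AttributeValue>Presenters</saml:AttributeValue>
      <saml:AttributeValue>students</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, default_domain):
    """Map one assertion's claims to user fields and list configuration findings."""
    # Parse only captures you produced yourself; this does not verify signatures.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    # Assumption: the username arrives as the Subject NameID.
    username = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    findings = []
    name = next(iter(attrs.get(NAME_ATTR, [])), "")
    if not name:
        findings.append("no display name claim")
    email = next(iter(attrs.get(EMAIL_ATTR, [])), "")
    if not email:  # fallback described for SAML Default Email Domain
        email = f"{username}@{default_domain}"
        findings.append("no email claim, default domain used")
    groups = attrs.get(GROUP_ATTR, [])
    for g in groups:
        if g not in ALLOWED_GROUPS:
            findings.append(f"group value {g!r} is not exactly 'presenters' or 'students'")
    if not ALLOWED_GROUPS.intersection(groups):
        findings.append("no usable group claim")
    user = {"username": username, "name": name, "email": email,
            "groups": sorted(ALLOWED_GROUPS.intersection(groups))}
    return user, findings
```

Calling `check_assertion(SAMPLE, "myschool.com.au")` returns the mapped user together with two findings: the email fallback and the miscapitalised "Presenters" value.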