This document outlines the requirements to initiate SAML 2.0 between Studio and the client directory. Clients wishing to implement SAML should request a call with their Brandlive representative, who will schedule a meeting with Brandlive Solutions for implementation.
SAML 2.0
• SAML Flow: SP-Initiated and IdP-Initiated
• SP HTTP Protocol: https
• SP Entity ID: https://onlinexperiences.com/
• SAML NameID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
• SP Assertion Consumer Service (ACS) URL: https://onlinexperiences.com/Registration/SSO_SAML.asp
• SP Start URL: Each webcast is uniquely identified by a ShowKey (integer). The SP Start URL therefore always begins with the following and ends with that webcast's integer.
o https://onlinexperiences.com/Launch/Event.htm?ShowKey={here}
• For the IdP-initiated flow, the unique ShowKey is included in the Response so that Brandlive knows which SAML-configured event/webinar to allow entry into.
Initiating SAML: requirements needed from the client
Information needed to enable 2-factor Authentication and Single Sign-on (SSO) access via SAML to Brandlive Studio:
• (For Brandlive) Client = IdP
o Client to provide a link to metadata, including endpoint URL and x509 certificate
o Client to provide a list of the named attributes in the Response payload that are to be mapped. A unique email is the minimum requirement, while First Name and Last Name are recommended to help identify users. Fields are case-sensitive and exact spellings are required (field requirements to be passed).
o Client to provide public X509 certificate
• (For Client) Brandlive Studio = SP
o Entity ID = https://onlinexperiences.com
o (ACS) Assertion Consumer Service = https://onlinexperiences.com/Registration/SSO_SAML.asp
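As an added example (not Brandlive's code), a client can run a pre-flight check like the one below on a test Response from its IdP before the implementation call. It compares Destination, Audience, NameID Format and attribute names against the values listed above. The attribute name `Email` and the sample Response are constructed assumptions, since the actual attribute names are supplied by the client.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# SP values as listed in the SAML 2.0 parameters on this page.
SP_ENTITY_ID = "https://onlinexperiences.com/"
SP_ACS_URL = "https://onlinexperiences.com/Registration/SSO_SAML.asp"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def preflight(response_xml, required_attrs):
    """List configuration problems in a test Response (no signature check)."""
    root = ET.fromstring(response_xml)
    problems = []
    if root.get("Destination") != SP_ACS_URL:
        problems.append("Destination does not match the SP ACS URL")
    audiences = [e.text for e in root.findall(".//a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not match the SP Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID Format is not transient")
    # Attribute names are compared exactly: case-sensitive, no normalisation.
    present = {}
    for e in root.findall(".//a:Attribute", NS):
        v = e.find("a:AttributeValue", NS)
        present[e.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in required_attrs:
        if not present.get(name):
            problems.append(f"missing or empty attribute: {name}")
    return problems

def sample_response(email_attr_name):
    """Constructed, unsigned test Response; only the attribute name varies."""
    return f"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:a="{NS['a']}" Destination="{SP_ACS_URL}">
      <a:Assertion>
        <a:Subject><a:NameID Format="{NAMEID_FORMAT}">_c0ffee</a:NameID></a:Subject>
        <a:Conditions><a:AudienceRestriction>
          <a:Audience>{SP_ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>
        <a:AttributeStatement>
          <a:Attribute Name="{email_attr_name}">
            <a:AttributeValue>user@example.com</a:AttributeValue>
          </a:Attribute>
        </a:AttributeStatement>
      </a:Assertion>
    </p:Response>"""

if __name__ == "__main__":
    for name in ("Email", "email"):  # "Email" is an assumed attribute name
        print(name, preflight(sample_response(name), ["Email"]))
```

An attribute sent as `email` when `Email` was agreed is reported as missing, which is the case-sensitivity requirement stated above.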
Comments
Updated details to acquire from client and added recommendations for fields to map