Set up an external SAML2 Identity Provider

Setting up an external SAML login with any third-party identity provider requires establishing a trusted relationship between Strivacity and the third-party identity provider.

Configuring Strivacity with an external SAML2 Identity Provider (IdP)

Following these steps will enable you to set up an external SAML2 identity provider with Strivacity (and your application).

  1. Start by logging into the Admin Console using an admin account.

  2. From the left-hand menu, select Identities, then Enterprise login.

  3. From the Enterprise Login screen, click the + Create login provider button in the top right-hand corner.

  4. From the Create enterprise login provider screen, click the SAML icon, as shown below:

  5. The Create login provider screen will now be displayed.

The table below provides guidance on how to complete the fields under General settings and the Configuration tab:

Field name: Description

Name: Define a name for this Enterprise SAML2 Login Provider. This name is used to refer to this provider throughout Strivacity.

Description: Define a description to help other admins understand what this provider is used for.

Policy tag: Tagging in Strivacity allows you to label your applications, policies, journeys, and hooks with custom tags. This feature helps you categorize and organize these resources for easier management and search.

Login button text: This is the text that is displayed on the login button on the log-in screen. If no custom text is entered here, the name will be used.

Synchronize and store profile data at each login: If you choose to synchronize and store profile data at each login, Strivacity will retrieve and store this information. It will be visible to the customer in the My Account page and to any admins when managing the customer identity.

Only store mapped values: Any metadata that belongs to an external account will not be stored.

Entity ID: The Entity ID is automatically generated when you save the provider at the end of this process. This is the primary identifier used by your application to trust Strivacity when it performs any services on its behalf (such as authentication). This is public.

URL: Set the URL to load SAML XML metadata from. This URL must be publicly accessible via the desired IdP.

File: Upload a file to load SAML XML metadata. This file is typically obtained from the desired IdP's admin interface.

Metadata preview: Presents a high-level preview of the SAML XML metadata that was loaded. This is useful for double-checking that the desired IdP's metadata has been loaded properly.

Force authentication: Instruct the desired IdP to force user interaction and not reuse the authentication state from previous authentications (sets ForceAuthn to true in the SAMLRequest).

NameID format: Specify the name identifier format that will be presented within the SAMLRequest. This is a hint to the IdP as to how the primary identifier will be formatted.

Protocol binding: Determine whether the SAML parameters are sent as a query string or in the body of a POST. These settings typically must be agreed upon between the IdP and SP configuration settings.

Enable IdP-initiated login from this provider: Allows users to log in using a direct IdP-initiated SSO link without an SP request. Deep-linking is not supported, and this applies only to application-level configured external providers. If multiple providers with the same Entity ID are enabled, login will fail.

  6. Once completed, select Save. You will now be able to view the Claim mappings tab, and edit and add any additional claims for this SAML2 integration.

  7. Once you've made any changes to Claim mappings, you can copy the Entity ID from your third-party application and paste the respective values into the Client ID and Client secret fields. Select Save.

Strivacity will use the User attributes of the customer's profile. If you choose to synchronize and store any account profile data at each login, Strivacity will retrieve and store this information. It will be visible to the customer on the My Account page and to any admins when managing the customer identity.