
Configuration of your SAML Provider

In this manual, we use Azure AD as our Identity Provider to manage our identities and therefore to configure our SAML provider. You can use any other solution that supports the SAML 2.0 protocol.

First, you need to Create your own application in the Azure enterprise applications.

image-20240807-111918.png

Once the application is created, you can make the necessary configurations under Single sign-on.

There, you need to add the Identifier (Entity ID), Reply URL and Sign-on URL. You can copy all three URLs from the Onventis Buyer SAML configuration view:

image-20240807-111929.png

When the Basic SAML configuration is filled in, you can start with step number two and enter the SAML attributes.

  • email
    The address is used as a unique identifier by our Identity Provider.

  • firstName & lastName
    These help us with our support use cases and are used to address users in the UI and in emails.

  • preferredUsername
    Used to link an identity between our IDP and the Onventis Buyer application. It is maintained as the “External user name” field (Excel field name “ExternalUserId”) in the user master data, in the “Advanced” tab of Onventis Buyer. You can change the External user name as you wish in order to match the SAML user to the Onventis Buyer user.
    To create the matching entry in Onventis Buyer, add the preferredUsername to the ExternalUserId field of the user. This can be done either via an import job or via the Onventis Buyer UI.

To make these attributes part of your SAML request, you must set up a claim mapping in your SAML provider. A claim is information that an identity provider specifies about a user in the XML it issues for that user. In the SAML protocol, this data is usually included in the SAML attribute statement.

When configuring the claim mapping, make sure that the Namespace URI is empty on all claims; otherwise the communication will fail:

image-20240807-111940.png

After finishing with all values, the claim mapping in your Azure application could look like the following:

image-20240807-111948.png

Additional attributes that are sent will be ignored. When claims are mapped correctly, the AttributeStatements in the SAML communication will look like the following example:

image-20240807-111956.png
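To verify the claim mapping, a captured assertion can be run through a check like the following, which is an added example and not Onventis or Microsoft code. The sample assertion, its values and the function name are constructed; the four attribute names are the ones listed above.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstName", "lastName", "preferredUsername")

# Constructed sample: lastName still carries a Namespace URI, preferredUsername
# is not mapped, and "department" is an additional attribute.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>Purchasing</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_attribute_statement(xml_text):
    """Return (values, problems) for the claims in a SAML assertion.

    Diagnostic only: it inspects attribute names and does not verify the
    assertion's signature. Run it on assertions from your own tenant.
    """
    root = ET.fromstring(xml_text)
    values, problems = {}, []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        texts = [(v.text or "").strip()
                 for v in attr.findall("saml:AttributeValue", SAML_NS)]
        short = name.rsplit("/", 1)[-1]
        if name in REQUIRED:
            values[name] = texts[0] if texts else ""
            if not any(texts):
                problems.append(f"{name}: empty value")
        elif short in REQUIRED:
            # With a Namespace URI set, the Name becomes "<namespace>/<name>".
            problems.append(f"{short}: sent as '{name}', clear the Namespace URI")
        # Any other attribute is an additional one and is ignored.
    for name in REQUIRED:
        if name not in values and not any(p.startswith(name + ":") for p in problems):
            problems.append(f"{name}: claim missing")
    return values, problems


if __name__ == "__main__":
    found, issues = check_attribute_statement(SAMPLE)
    print(found)
    print("\n".join(issues) or "claim mapping OK")
```
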

When the configuration of your SAML provider is finished, you can copy the Azure-generated metadata URL. You can find it in the Single sign-on configuration, under step 3 (SAML Certificates) → App Federation metadata Url.
