SAML Configuration Instructions

Russell Sherman Updated by Russell Sherman

SAML 2.0 SSO Configuration Guide

VISO TRUST supports SSO with any SAML 2.0 compliant identity provider (IDP). You will need to configure these parameters in your IDP. Take care to follow the instructions and do not hesitate to contact support@visotrust.com should you run into any problems. 

The following information is what you will need to configure in your IDP, after which you will need to provide back to VISO the unique URLs and certification information.

  • Audience URI (Entity ID):
    • Provided by your CS representative.
  • Single Sign-on URL (ACS Url):
    • Provided by your CS representative.

IMPORTANT!

We require the Name ID format to be a lowercase email address

We require the SAML assertion attributes in the following attribute name formats with no namespace or format specified. The email attribute value must be the same value as the Unique User Identifier, and will be used to send email from the platform.

  • firstName
  • lastName
  • email

An example in Okta

An example in Azure/Entra ID

Information we will need from your identity provider

  • IDP SSO URL
  • IDP Issuer URL
  • X.509 Certificate
  • (Optional) IDP metadata

Additional information

VISO TRUST does not support IdP initiated login. As such, having a tile or link on your SSO dashboard will not actually sign users into the application. To get around this, we recommend creating a “Bookmark” application that points to https://app.visotrust.com, as well as hiding the actual SAML app from your users.

Please ensure that all users who require access to the application have been assigned access via your IdP.

This configuration allows you to create new users within the VISO TRUST platform. Simply add them to the application in your SAML IdP and instruct them to sign in by typing their email and clicking Next. New users will not be created if the user tries to “Sign in with Google” or “Sign in with Microsoft”. Their first login must use your SAML provider. Social logins will work after the users first successful login.

Here are some logos for use in your directory, as you see fit.

How did we do?

Contact