All Collections
Mapiq for Admins
Authentication
Configure Generic - SAML 2.0
Configure Generic - SAML 2.0
Updated over a week ago

Requirements

Permissions in your IAM solution to setup and configure SSO connections to third-party application.

Supported Features

The Generic Mapiq SSO integration for SAML currently supports the following features:

  • SP-Initiated SSO

  • JIT (Just-In-Time) Provisioning

Configuration Steps

  1. Setup the SSO connection for SAML 2.0 in your IAM solution with the information provided in the SAML 2.0 configuration section below. <TODO: test environment yes/no>

  2. Ensure that the required claims for Mapiq are correctly configured as described in the Claims section.

  3. Configure any desired optional claims as described in the Claims section.

  4. Locate the Metadata URL of your configured SSO connection or application.

  5. Contact Mapiq support or your Mapiq contact person and request that they enable SSO with SAML 2.0 and provide the previously collected Metadata URL, your IAM solution and email domains used by your users.

  6. Completed! Your users can now sign in to Mapiq using SSO. Additionally, you can start assigning users to the application.

SAML 2.0 configuration

  • Mapiq requires that the SAML responses and assertions are signed using SHA-256.

  • Mapiq uses the NameID attribute value of the SAML subject to identify users.

The following table provides the configuration details for setting up SAML 2.0 for our production and testing environment.

Production

Sandbox

Metadata url

https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_signup_signin/samlp/metadata?idptp=Federated-Generic-SAML

TBD

Entity ID

https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase

TBD

ACS url

https://mapiqprod.b2clogin.com/mapiqprod.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer

TBD

Claims

Mapiq expects the following SAML attributes to be present, without namespaces:

SAML Attribute Name

Description

givenname

The user’s first name.

surname

The user’s last or family name.

displayname

The user’s full name.

emailaddress

The user’s email address.

Additionally, there are optional SAML attributes that can be provided to Mapiq for additional functionality. You are free to map them to user properties as applicable in your organization. The optional available attributes are, without namespaces:

SAML Attribute Name

Description

jobtitle

The user’s job title (e.g. ‘senior manager’, or ‘trainee’).

department

The department the user is a part of (e.g. ‘finance’ or ‘IT support’).

businessunit

The business unit the user is part of (e.g. ‘company logistics’).

office

The office where the user is based (e.g. ‘Amsterdam’ or ‘London’).

country

The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’).

externalid

An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number).

SP-Initiated SSO

  1. Go to https://app.mapiq.com

  2. Click Sign in

  3. Provide your company email address

  4. Sign in with your company credentials

Troubleshoot

Please refer the common SSO errors page.

Notes

Mapiq doesn’t provide a backup sign-in URL in case of a misconfiguration of the SSO integration. Please contact Mapiq Support if you lock yourself out.

Related Articles
Configure Azure AD - SAML 2.0
Configure Okta - SAML 2.0
Configure Azure AD - OIDC
Configure Generic - OIDC
Getting started with SSO
Did this answer your question?