Requirements
Permissions in your IAM solution to set up and configure SSO connections to third-party applications.
Supported Features
The Generic Mapiq SSO integration for SAML currently supports the following features:
SP-Initiated SSO
JIT (Just-In-Time) Provisioning
Configuration Steps
Set up the SSO connection for SAML 2.0 in your IAM solution with the information provided in the SAML 2.0 configuration section below.
Ensure that the required claims for Mapiq are correctly configured as described in the Claims section.
Configure any desired optional claims as described in the Claims section.
Locate the Metadata URL of your configured SSO connection or application.
Contact Mapiq support or your Mapiq contact person and request that they enable SSO with SAML 2.0. Provide them with the previously collected Metadata URL, your IAM solution and the email domains used by your users.
Completed! Your users can now sign in to Mapiq using SSO. Additionally, you can start assigning users to the application.
SAML 2.0 configuration
Mapiq requires that the SAML responses and assertions are signed using SHA-256.
Mapiq uses the NameID attribute value of the SAML subject to identify users.
The following table provides the configuration details for setting up SAML 2.0 for our production and testing environments.
| Production | Sandbox |
Metadata URL | TBD | |
Entity ID | TBD | |
ACS URL | TBD | |
Claims
Mapiq expects the following SAML attributes to be present, without namespaces:
SAML Attribute Name | Description |
givenname | The user’s first name. |
surname | The user’s last or family name. |
displayname | The user’s full name. |
emailaddress | The user’s email address. |
Additionally, there are optional SAML attributes that can be provided to Mapiq for additional functionality. You are free to map them to user properties as applicable in your organization. The optional available attributes are, without namespaces:
SAML Attribute Name | Description |
jobtitle | The user’s job title (e.g. ‘senior manager’, or ‘trainee’). |
department | The department the user is a part of (e.g. ‘finance’ or ‘IT support’). |
businessunit | The business unit the user is part of (e.g. ‘company logistics’). |
office | The office where the user is based (e.g. ‘Amsterdam’ or ‘London’). |
country | The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’). |
externalid | An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number). |
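A pre-flight check for the requirements in the SAML 2.0 configuration and Claims sections, as an added example that is not Mapiq's code: it inspects a captured SAML response for declared SHA-256 signatures on both the response and the assertion, a non-empty NameID, and the required attribute names sent without namespaces. It does not verify the signatures; the function names, the "sha256" URI heuristic and the sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = {"givenname", "surname", "displayname", "emailaddress"}  # from the Claims table
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def sig_problems(parent, label):
    """Inspect the declared algorithms of the Signature that is a direct child of parent."""
    sig = parent.find("ds:Signature", NS)
    if sig is None:
        return [f"{label} is not signed"]
    methods = (sig.findall("ds:SignedInfo/ds:SignatureMethod", NS)
               + sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS))
    # Assumption: a SHA-256 algorithm URI contains "sha256" (true for the common RSA/ECDSA URIs).
    if len(methods) < 2 or any("sha256" not in m.get("Algorithm", "").lower() for m in methods):
        return [f"{label} signature does not declare SHA-256"]
    return []

def preflight(xml_text):
    """Return a list of problems; an empty list means the declared settings match the page."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found"]
    problems = sig_problems(root, "Response") + sig_problems(assertion, "Assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Subject NameID is missing or empty")
    names = {a.get("Name", "") for a in assertion.iter("{%s}Attribute" % NS["saml"])}
    for req in sorted(REQUIRED - names):
        namespaced = sorted(n for n in names if n.lower().endswith("/" + req))
        problems.append(f"{req}: sent with a namespace ({namespaced[0]})" if namespaced
                        else f"{req}: missing")
    return problems

def sample(sig_alg=RSA_SHA256, prefix=""):
    """Constructed minimal response for testing; signature values are omitted."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{sig_alg}"/><ds:Reference>'
           f'<ds:DigestMethod Algorithm="{DIGEST_SHA256}"/></ds:Reference>'
           f'</ds:SignedInfo></ds:Signature>')
    attrs = "".join(f'<saml:Attribute Name="{prefix}{n}"/>' for n in sorted(REQUIRED))
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">{sig}'
            f'<saml:Assertion>{sig}<saml:Subject><saml:NameID>user@example.com</saml:NameID>'
            f'</saml:Subject><saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')
```

Run `preflight()` on a response captured from a test sign-in before sending the Metadata URL to Mapiq; any returned line names the setting to fix in your IAM solution.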
SP-Initiated SSO
Go to https://app.mapiq.com
Click Sign in
Provide your company email address
Sign in with your company credentials
Troubleshoot
Please refer to the common SSO errors page.
Notes
Mapiq doesn’t provide a backup sign-in URL in case of a misconfiguration of the SSO integration. Please contact Mapiq Support if you lock yourself out.