
Definitions

IdP: The Identity Provider is the system that holds the customer records and login credentials referenced during the login process.

SP: The Service Provider is the system that requests the account validation before proceeding; in this case, vivenu.

Claims: Data that is automatically pushed from the IdP to the SP during a SAML login.

Scopes: Data that is requested by the SP from the IdP during an OpenID login.

Assumptions

vivenu can integrate with a number of different Single Sign-On (SSO) Identity Providers (including custom databases) but for the purposes of this “How to” document we will focus on three of the primary IdPs:

  1. Microsoft Azure (Entra)

  2. Amazon Web Services

  3. Okta

We will focus on the two primary protocols:

  1. SAML 2.0

  2. OpenID

We will not address custom JSON Web Token (JWT) integrations in this document.

Links to specific Implementations

Azure (Entra) implementation

  1. SAML

  2. OpenID

Amazon Web Services Implementation

  1. SAML

Okta Implementation

  1. SAML

  2. OpenID

Setup

How to Connect a 3rd party Identity Provider with vivenu

vivenu offers support for both OpenID and SAML2.0 protocols. Follow the steps outlined below to set up the integration:

1. Access your vivenu Dashboard:

Navigate to the Settings then Shop section and Authentication tab.

Within the Identity provider box, you have an option to select between OpenID and SAML2.0. Choose your desired protocol based on your third-party provider's capabilities.

If you selected OpenID:


If you selected SAML2.0:


2. Configure the Identity Provider:

Please note that to obtain this information you will most likely need to go to your third-party identity provider's dashboard or control panel.

Set up a new SSO application or connection, picking either OpenID or SAML2.0 based on your earlier choice.

Azure (Entra) Implementation

SAML 2.0

This process requires us to start in the vivenu dashboard, set up a basic version of the SAML integration, switch over to Entra to configure the Entra Enterprise application, and then switch back to vivenu to finalize the integration.

Launch vivenu and navigate to Settings > Shop > Authentication.

Scroll down to Identity Providers and select the Add Provider button.

This will load the SSO configuration page in vivenu. Enter your preferred SSO button text as the name of the provider (e.g. Student Login or Member Login), select the SAML option and, for the purposes of the initial configuration, enter https://tempURL in the SAML Protocol URL box and TempCert in the SAML Cert box, then click the SAVE button.

This will create a SAML SSO integration in vivenu and generate a Callback URL. Copy the Callback URL for use in the Entra configuration and switch the SSO integration to active (the switch in the upper right of the SSO integration box).

With the vivenu configuration established, switch to the Entra instance and create a new Enterprise Application.

When you select the option to create a new application, Entra will present a list of integrations in their app store and will try to guide you into selecting one of them. Select the Create your own application option just under the Browse Microsoft Entra ID Gallery.

This will load a window on the right-hand side of the screen requesting information about the type of application to add to Entra. Enter a name for the application (we recommend using Vivenu plus the type of integration, as shown below), select the Integrate any other application you don’t find in the gallery (Non-gallery) option and click the Create button.

This will create a new application and return you to the configuration screen for the newly created application.

Select the Get Started link under the Set up single sign on box.

Select the SAML box.

This will load the SAML Configuration Screen. Select the pencil icon next to Edit in the Basic SAML Configuration section.

This will load a configuration window on the right-hand side of the screen. Click the Add identifier link and enter login.microsoftonline.com as the unique identifier. Click the Add reply URL link and paste the Callback URL created in vivenu earlier. Click the Save button at the top of the page to configure the SAML application.

Click the pencil icon next to Edit on the Attributes & Claims box.

Map the claims from the Entra tenant to the vivenu datapoints. SAML will send these claims to vivenu at the time of successful login. Here is a list of supported vivenu datapoints:

  1. user.givenname

  2. user.surname

  3. user.mail

  4. user.city

  5. user.state

  6. user.postalcode

  7. user.streetaddress

  8. user.country

Click the Download link next to Certificate (Base64) in the SAML Certificates box.

Click the copy button next to the Login URL in the Setup <application name> SAML box.

Return to vivenu, click the three dots next to the SSO integration and select the Edit button.

Paste the Login URL into the SAML Protocol URL box and the certificate data into the SAML Certificate box (you may need to open the certificate file in a text editor to copy and paste it). The certificate should have -----BEGIN CERTIFICATE----- at the beginning and -----END CERTIFICATE----- at the end. Click the Save button on the SSO integration box and then the main Save button in the vivenu dashboard.
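Before pasting, a quick offline check of the downloaded certificate catches the usual mistakes (Raw instead of Base64 download, a paste cut short, stray characters). This is an added Python example, not vivenu's or Microsoft's code; it assumes you downloaded the Base64 .cer file from the Entra SAML Certificates box and prints the SHA-1 fingerprint so you can compare it against the thumbprint Entra displays there.

```python
import base64
import binascii
import hashlib
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def wrap_pem(der: bytes) -> str:
    """Wrap DER bytes in the PEM markers vivenu expects (64-char lines)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END])


def check_certificate(pem_text: str) -> dict:
    """Report whether pem_text is a complete PEM X.509 cert; never raises."""
    report = {"ok": False, "error": None, "der_len": 0, "sha1": None, "sha256": None}
    text = pem_text.replace("\r\n", "\n").strip()  # tolerate CRLF from Windows editors
    if not (text.startswith(BEGIN) and text.endswith(END)):
        report["error"] = "missing BEGIN/END CERTIFICATE markers (use the Base64 download, not Raw)"
        return report
    body = "".join(text[len(BEGIN):-len(END)].split())  # drop line breaks inside the body
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error:
        report["error"] = "certificate body is not valid Base64"
        return report
    # An X.509 cert is an outer DER SEQUENCE (tag 0x30). Comparing its declared
    # length with the bytes actually present catches a paste that was cut short.
    if len(der) < 2 or der[0] != 0x30:
        report["error"] = "decoded data is not a DER SEQUENCE"
        return report
    if der[1] & 0x80:                       # long-form length: next n bytes hold it
        n = der[1] & 0x7F
        declared, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:
        declared, header = der[1], 2
    if header + declared != len(der):
        report["error"] = f"DER declares {declared} bytes but {len(der) - header} present (truncated paste?)"
        return report
    report.update(ok=True, der_len=len(der),
                  sha1=hashlib.sha1(der).hexdigest().upper(),      # Entra shows a SHA-1 thumbprint
                  sha256=hashlib.sha256(der).hexdigest().upper())
    return report


# Constructed stand-in: a tiny DER SEQUENCE, not a real certificate, so the
# check can run offline. Pass the path of the real .cer file as an argument.
SAMPLE_PEM = wrap_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x05]))

if __name__ == "__main__":
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    r = check_certificate(pem)
    print("OK" if r["ok"] else f"PROBLEM: {r['error']}", r["sha1"] or "")
```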
