Customer Information Required for SSO Setup

Updated 

Before starting the configuration of SSO setup on the platform, there are some details that need to be sent from the Identity Provider’s end. Based on these details, the fields would be set on the platform UI to set up SSO for the client. Follow this article for information about the details that need to be sent from the IDP end to Sprinklr to set up SSO.

Information Required from Customer

  1. Subdomain: The prefix of Domain, based on the discussion with the client. If the Client name is 'abc' then the SSO URL will be abc.sprinklr.com

  2. IDP Certificate: Public Key Certificate of the Identity Provider of the Client.  (Certificate format should be: PEM)

  3. Identity Provider Login URL, Entity ID of Identity Provider, and also which type of Binding needs to be set either HTTP POST or HTTP REDIRECT. (HTTP ARTIFACT is not supported by Sprinklr). 

  4. Is the customer authenticating on Email or Federation ID.

  5. Confirmation that email is passed as the Name ID. (Mention the attribute if not using Name ID)

  6. Test users credentials: Name, email, and Federation ID (if using) are required to test out the configuration once added. It's recommended to get 1-3 user emails for sanity.

  7. If the request signature method is RSA-SHA1 or RSA-SHA256

    Link to the requirement checklist from customer: Requirement Checklist Document

Things to Note

  1. Along with the above details, the client must also send a metadata file provided by the IDP. The metadata file is a similar representation of the Requirement Checklist in another format.

  2. To generate the Metadata file, the client needs the Login URL, Entity ID and Public Key Certificate from IDP end. If you have the required details, you can simply create the metadata file yourself, by visiting this site https://www.samltool.com/idp_metadata.php.

  3. As the details would be different for the Staging and Production process we would need two different Metadata files from the client.