This document provides a comprehensive guide to integrating PureAUTH Passwordless Authentication with a Service Provider (SP) that supports the SAML 2.0 protocol for authentication.
In order to integrate PureAUTH Passwordless Authentication with the SP, we will need to establish trust between the PureAUTH Identity Provider (IDP) and the SP. The following configuration establishes the trust and enables PureAUTH to act as the Identity Provider.
Configuration on PureAUTH Platform
- On the “PureAUTH Dashboard Portal”, click the Applications option.
- Click “Add New Application” and select the custom app “Custom App SAML Authentication”.
- Configure the properties as given below:
  - Application Name: YOUR-APPLICATION-NAME
  - Dataset for email: Primary (Corporate Email)
  - SAML Response Endpoint (ACS URL): <This URL will be provided by the SP as ACS endpoint or the Login URL>
  - Audience (Entity ID): <This URL will be provided by the SP>
  - SP SLO URL: <This URL will be provided by the SP>
  - Sign Assertion: Checked
- The fields to be provided by the SP will be present on the SAML configuration page or in the Metadata given by the SP.
- Click on “Add”.
Note: If you are not sure what fields to enter during application creation, enter https://www.example.com and create the application. Once the SP configuration is complete, you can edit the application in PureAUTH Columbus to enter the correct information.
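When the SP supplies a metadata file, the values for the fields above can be read from it rather than retyped. The following is an added example, not part of PureAUTH's or any SP's own tooling: it pulls the Entity ID, ACS URL and SLO URL out of SP metadata, assuming the SP receives the SAML response on an HTTP-POST ACS endpoint. The sample metadata and the `sp.example.com` URLs are constructed placeholders, and `sp_fields` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata (sp.example.com is a placeholder, not a real SP).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/saml/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.com/saml/artifact"/>
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_fields(metadata_xml):
    """Return the values to enter in the PureAUTH application form."""
    # Metadata comes from a third party: refuse DTDs so no entities are expanded.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    # Assumption: use the HTTP-POST ACS endpoint; prefer isDefault, then lowest index.
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    slo = sp.find("md:SingleLogoutService", NS)
    fields = {
        "entity_id": root.get("entityID"),              # Audience (Entity ID)
        "acs_url": acs[0].get("Location"),              # SAML Response Endpoint
        "slo_url": slo.get("Location") if slo is not None else None,  # SP SLO URL
        "wants_assertions_signed": sp.get("WantAssertionsSigned") in ("true", "1"),
    }
    if not fields["entity_id"] or not (fields["acs_url"] or "").startswith("https://"):
        raise ValueError("entityID missing or ACS URL is not https")
    return fields
```

Calling `sp_fields(SAMPLE_METADATA)` returns a dictionary whose `entity_id`, `acs_url` and `slo_url` values correspond to the Audience, SAML Response Endpoint and SP SLO URL fields.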
You should now see your newly added application’s page. Keep this page open and take note of the highlighted fields: the certificate and links shown there are needed for the next steps.
Steps to Add PureAUTH as IDP in SP
- Navigate to the Authentication settings page for your application.
- Enable SAML authentication if the option is available.
- Go to the Single Sign-On settings/SAML configuration.
- Add a new identity provider.
- In the configuration, you will be able to see some fields corresponding to the fields generated by the PureAUTH IDP.
- Enter the Entity ID from the PureAUTH portal in the issuer field.
- Enter the SAML Login URL in the ACS/Login URL field.
- Enter the Certificate in the certificate field. (Copy the whole highlighted certificate, from the -----BEGIN line through the -----END line.)
Note: If the SP asks you to upload a certificate file, copy the certificate from the PureAUTH portal into a text editor and save it as a “.pem” file. You can then upload this file to the SP.
- Enter the SAML logout URL if the SLO field is available.
- Save the configuration.
- Go to your login page and check that the SP redirects you to PureAUTH, where you should see a QR code.